Sign up to our newsletter
The nonprofit organization that looks after name and internet domains has been hit by a spear phishing hack that has compromised company data, reports The Register.
ICANN – or the Internet Corporation for Assigned Names and Numbers – revealed the breach on a statement on its website this week. It appears that the attacks began last month, and seemed to originate from ICANN servers in order to fool the employees targeted. “The attack resulted in the compromise of the email credentials of several ICANN staff members,” the organization explained.
The details were then used to access systems within ICANN, including the Centralized Zone Data System, the Whois portal, the organization’s blog and the Governmental Advisory Committee’s wiki. The latter of these contains private employee details, as well as giving those with access a view of the zone files of the world’s generic top-level domains. Although nobody can alter the files within the system, hackers would have managed to access information on who is registered within the system, with data such as names, postal addresses, email addresses, usernames and passwords.
“Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution,” the statement explained. The organization is also “providing notices” to all CZDS users whose personal information could be under threat.
PC Mag speculates that the nature of the statement suggests that employees will have clicked on questionable links within legitimate looking emails, or downloaded attachments. In any case, ICANN has promised more precautions in future, stating that “since discovering the attack, we have implemented additional security measures.”
“We are providing information about this incident publicly, not just because of our commitment to openness and transparency, but also because sharing of cybersecurity information helps all involved assess threats to their systems,” the statement concluded.
Author Alan Martin, ESET