Zoho, one of the world’s largest tech companies, was taken offline due to a domain registrar responding incorrectly to a phishing complaint.
The downtime resulted in nearly 30 million Zoho users being unable to access Zoho’s website. Manually updating DNS records helped some users, but many were left unable to access the site, following relatively low-level misuse of one of Zoho’s mail servers. This was compounded by the fact that the issue was caused by an automated system, and by the time a human had checked the findings, it was too late.
Cath Goulding, Head of Cyber Security at Nominet:
“Given it is an underlying protocol for the way data moves around online, cyber criminals will continue to attempt to abuse the domain name system in a number of ways, everything from malicious redirects to social engineering. As with anything in security, it is a fluid situation and there is no definitive answer, only hard work and communication between the security teams on both sides.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.