Security vendor Rapid7 has suffered at the hands of the hijackers who hit the DNS registrars of AVG and Aviva earlier this week.
The hijack was initially confirmed this afternoon by CTO HD Moore on Twitter, and a statement by the company said: “The DNS settings for Rapid7.com and Metasploit.com were changed by a malicious third-party. We have taken action to address the issue and both sites are now locked down. We are currently investigating the situation, but it looks like the domain was hijacked via a spoofed change request faxed to Register.com.
“We apologise for the service disruption, and do not anticipate any further implications for our users and customers at this time. We will keep everyone posted as we learn more, and let the community know if any action is needed.”
For a period, the site redirected to a page hosted by the KDMS group, a pro-Palestinian group. Following its earlier antics, where it redirected the DNS registrar for two anti-virus vendors and mobile messaging service WhatsApp, its statement read: “We was thinking about quitting hacking and disappear again..! But we said: there is some sites that must be hacked. You are one of our targets, therefore we are here.”
Commenting, Robert Hansen, security evangelist at WhiteHat Security, said: “When security companies can be hijacked, that’s a good indicator of how fragile DNS is and what a single point of failure DNS providers have become. Hijacking session tokens, stealing usernames and passwords and redirecting email are just some of the things that become possible when DNS is hijacked.”