United States payment processing companies were targeted by BGP hijacking attacks on their DNS servers. These Internet routing attacks were designed to redirect traffic directed at the payment processors to servers controlled by malicious actors who would then attempt to steal the data. On three separate dates in July, Oracle has stated that they saw what appeared to be BGP hijacks that targeted the DNS servers for U.S. payment processors Datawire, Vantiv, or Mercury Payment Systems. According to Oracle, the first attack started on July 6th 2018 with a short duration attack that attempted to reroute the following network prefixes, or blocks of IP addresses. These attacks were targeting the Vantiv and Datawire payment processing companies.
Tim Helming, Director of Product Management at DomainTools:
“These attacks underscore the critical role that DNS plays in security. While the BGP hijacking of the DNS servers’ IP ranges were not attacks on the DNS protocol itself, they had a similar overall outcome. The bottom line is that DNS needs to be considered critical infrastructure, and all aspects of its security need to be treated as such, including the pertinent routing infrastructure.”