7 Important Life Lessons from 19th of March Attacks in Turkey

What is Domain Hijacking?

How Domain Hijack Attacks Can be Prevented?

  • Use strong email passwords and enable two-factor authentication if available.
  • Disable POP if your email provider is able to use a different protocol.
  • Tick the setting “always use HTTPS” under email options.
  • Frequently check the “unusual activity” flag if provided by your email service.
  • Use a two-step (two-factor) authentication if available.
  • Make sure to renew your domain registration in a timely manner with timely payments and register them for at least five years
  • Use a domain-name registrar that offers enhanced transfer protection, i.e., “domain locking” and even consider paying for registry locking.
  • Make sure your WHOIS information is up-to-date and really points to you and you only.
  • If you have 2500 or more domain names consider buying your own registrar.
  • Monitor the DNS constantly

What is DNS Monitoring?

When were the Attacks Took Place?

What kind of Attack was it?

What was the Effect of the Attack?

What Could Be Done with a More Advanced Attack Method?

  • By directing the mail record (MX), incoming and outgoing e-mails to the employees of the company could be read.
  • The data of visitors and users who entered credit card information or other information on the home page could be collected by making a fake page.
  • Social media accounts of the relevant company could be seized by the email reset method.

Who Were the Attackers and How the Attack Carried Out?

How did SOCRadar Detect the Attacks?

How SOCRadar can Detect Similar Attacks?

  • Tracking the NS (Name Server) record changes of the domain
  • Tracking the A record change of the domain
  • Tracking the change of Whois information
  • Tracking changes of website content and header information
  • Automatic monitoring of deep web environments and alarms for company domains

What’s Attack Surface Management?

Why is Attack Surface Management Important?

What are the Similar Cases?

What Lessons Can You Learn from the Attack?

  1. We are as safe as the weakest link of the chain. No matter how much we invest in security.
  2. Registrar companies usually are not taken into account when performing security audits of supplier/3rd party companies. But in reality, they should be placed at the top of the list.
  3. In similar cases, the durations of DNS records should be kept as short as possible in order to be able to recover quickly
  4. “Registrar lock” or “Client Transfer Prohibited” feature must be activated in Whois records.
  5. Registrar companies that do not offer multiple authentication services should not be preferred.
  6. DNS server and whois information changes should be monitored by a service in order to be notified of similar attacks as quickly as possible.
  7. Conducting crisis management exercises and having incident management and response procedures ready can be lifesaving in such incidents.



We empower you to know the unknowns.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store