At least 10 domain names have been modified to point to a new IP address following the recent cyber attack to the ‘.lk’ Domain Registry, LK Domain Registry's Domain Registrar Prof. Gihan Dias said.
He said the attack was reported on Saturday (6) morning and was solved by 8.30 am.
“In addition to the servers which run the Domain Name System (DNS), the Registry maintains a registration system through which customers may register new domains, renew domains, change details of their domains, etc.,” he said.
Access to the .lk domain registration systems was restricted to prevent further damage, he said.
“Once the changes were identified, our team immediately reverted the changes to their previous settings. This was completed within 90 minutes. This issue was immediately reported to our security partner, TechCERT, who began the probe together with the LK technical and the operations teams,” Prof. Dias said.
It was identified that the changes were done remotely by accessing the Domain Registration system. TechCERT was able to identify the incident was done by compromising of the credentials of one system user account and bypassing of the restrictions which normally prevent the admin interface from being accessed from the Internet.
However, it was reported that there was no evidence of any other unauthorised access to our systems.
“We have also not found any evidence of changes to any .lk websites, or of any information being stolen from any other .lk websites. We have not found any substantial evidence that any malware had been distributed via the website pointed to by the attackers.
Together with TechCERT, the shortcomings in our security mechanism have been identified, and we have updated our systems to mitigate these vulnerabilities.
Several other security improvements have also been applied. Our domain registration systems are now back on-line.
When you first log-in to the system, after it is back on-line, we recommend you reset your password by visiting My Profile > Change Password. (Chaturanga Samarawickramam)