At least 10 domain names have been modified to point to a new IP address following the recent cyber attack to the ‘.lk’ Domain Registry, LK Domain Registry's Domain Registrar Prof. Gihan Dias said.
He said the attack was reported on Saturday (6) morning and was solved by 8.30 am.
“In addition to the servers which run the Domain Name System (DNS), the Registry maintains a registration system through which customers may register new domains, renew domains, change details of their domains, etc.,” he said.
Access to the .lk domain registration systems was restricted to prevent further damage, he said.
“Once the changes were identified, our team immediately reverted the changes to their previous settings. This was completed within 90 minutes. This issue was immediately reported to our security partner, TechCERT, who began the probe together with the LK technical and the operations teams,” Prof. Dias said.
It was identified that the changes were done remotely by accessing the Domain Registration system. TechCERT was able to identify the incident was done by compromising of the credentials of one system user account and bypassing of the restrictions which normally prevent the admin interface from being accessed from the Internet.
However, it was reported that there was no evidence of any other unauthorised access to our systems.
“We have also not found any evidence of changes to any .lk websites, or of any information being stolen from any other .lk websites. We have not found any substantial evidence that any malware had been distributed via the website pointed to by the attackers.
Together with TechCERT, the shortcomings in our security mechanism have been identified, and we have updated our systems to mitigate these vulnerabilities.
Several other security improvements have also been applied. Our domain registration systems are now back on-line.
When you first log-in to the system, after it is back on-line, we recommend you reset your password by visiting My Profile > Change Password. (Chaturanga Samarawickramam)
RoaringCreek Saturday, 13 February 2021 09:15 AM
In todays cyber protection is to detect before attacked. This is done by observing incoming traffic patterns and block unusual traffic. There are many software tools with some form of AI. We wait for the attack and then take action. The root of Internet traffic are the DNS (Domain Namer Service) servers and they need to be protects. They should get help from Sri Lanka IT Guru, GOTA, Ha Haa Haaa!
Add commentComments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.
In order to critically discuss a movement, we must first understand its etymo
Many battles were fought during the long war between the Sri Lankan armed for
When can one say they’ve had enough of being in a state of ‘wokeness’ a
Members of a dozen Sri Lankan Tamil families gathered in the evening at the r
20 Mar 2023 - 3 - 769
18 Mar 2023 - 2 - 941
18 Mar 2023 - 0 - 640
18 Mar 2023 - 0 - 813
Name - Reply Comment