
Ten domain names modified following cyber attack: LK Domain Registrar

13 February 2021 01:35 am


At least 10 domain names have been modified to point to a new IP address following the recent cyber attack on the ‘.lk’ Domain Registry, LK Domain Registry's Domain Registrar Prof. Gihan Dias said.

He said the attack was reported on Saturday (6) morning and was resolved by 8.30 am.

“In addition to the servers which run the Domain Name System (DNS), the Registry maintains a registration system through which customers may register new domains, renew domains, change details of their domains, etc.,” he said.

Access to the .lk domain registration systems was restricted to prevent further damage, he said.

“Once the changes were identified, our team immediately reverted the changes to their previous settings. This was completed within 90 minutes. This issue was immediately reported to our security partner, TechCERT, who began the probe together with the LK technical and the operations teams,” Prof. Dias said.

It was identified that the changes were made remotely by accessing the Domain Registration system. TechCERT was able to identify that the incident was carried out by compromising the credentials of one system user account and bypassing the restrictions which normally prevent the admin interface from being accessed from the Internet.

However, it was reported that there was no evidence of any other unauthorised access to our systems.

“We have also not found any evidence of changes to any .lk websites, or of any information being stolen from any other .lk websites. We have not found any substantial evidence that any malware had been distributed via the website pointed to by the attackers.

Together with TechCERT, the shortcomings in our security mechanism have been identified, and we have updated our systems to mitigate these vulnerabilities.

Several other security improvements have also been applied. Our domain registration systems are now back on-line.

When you first log in to the system, after it is back on-line, we recommend you reset your password by visiting My Profile > Change Password.” (Chaturanga Samarawickramam)

  Comments - 1

  • RoaringCreek Saturday, 13 February 2021 09:15 AM

    Today's cyber protection is to detect before being attacked. This is done by observing incoming traffic patterns and blocking unusual traffic. There are many software tools with some form of AI. We wait for the attack and then take action. The root of Internet traffic is the DNS (Domain Name Service) servers and they need to be protected. They should get help from Sri Lanka IT Guru, GOTA, Ha Haa Haaa!
