Domain Name System (DNS) infrastructure hijacking is an attack in which an attacker uses compromised credentials to modify DNS records such as Name Server (NS), Mail Exchanger (MX), and Address (A) records, replacing the legitimate addresses with addresses the attacker controls.
Once hijacked, the domain name starts resolving to attacker-controlled infrastructure. The attacker can then obtain valid X.509 certificates for TLS encryption from a certificate authority such as Let's Encrypt and gain visitors' trust, because their clients continue to establish trusted connections. Once a connection is established, the attacker can decrypt, intercept and manipulate web, email and other network traffic before passing it on to the legitimate service.
Best practices to help safeguard against this threat
Coocoor monitors your DNS infrastructure against these threats and provides you with alerts so you can take action before it affects your customers.
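One way to detect the record changes described above, as an added example (not Coocoor's code): it compares observed NS, MX and A records with a known-good baseline and reports every record set that changed. The dig-style input format, the function names, and all domains and addresses are assumptions constructed for illustration.

```python
# Added example: detect drift in NS, MX and A records against a known-good baseline.
# All names, addresses and record values below are constructed for illustration.

WATCHED = ("NS", "MX", "A")

def parse_records(text):
    """Parse 'name TTL IN TYPE rdata' lines into {(name, type): set(rdata)}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name, rtype = fields[0].lower().rstrip("."), fields[3].upper()
        if rtype not in WATCHED:
            continue
        # Hostnames are case-insensitive and may carry a trailing dot; the TTL is
        # deliberately ignored so that a TTL-only change does not raise an alert.
        rdata = " ".join(f.lower().rstrip(".") for f in fields[4:])
        records.setdefault((name, rtype), set()).add(rdata)
    return records

def diff_records(baseline, observed):
    """Return (name, type, added, removed) for every watched record set that changed."""
    alerts = []
    for key in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(key, set()), observed.get(key, set())
        if old != new:
            alerts.append((key[0], key[1], sorted(new - old), sorted(old - new)))
    return alerts

BASELINE = """\
example.com. 3600 IN NS ns1.dns-provider.example.
example.com. 3600 IN NS ns2.dns-provider.example.
example.com. 3600 IN MX 10 mail.example.com.
www.example.com. 300 IN A 192.0.2.10
"""

# Constructed observation: NS differs only in case, the A record now points elsewhere.
OBSERVED = BASELINE.replace("ns1.dns-provider", "NS1.DNS-Provider").replace(
    "300 IN A 192.0.2.10", "60 IN A 203.0.113.77")

def run_check():
    return diff_records(parse_records(BASELINE), parse_records(OBSERVED))

if __name__ == "__main__":
    for name, rtype, added, removed in run_check():
        print(f"ALERT {name} {rtype}: added={added} removed={removed}")
```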