The Internet Corporation for Assigned Names and Numbers (ICANN) has fallen victim to a phishing attack which resulted in the attackers gaining administrative access to some of ICANN's systems, including its Centralized Zone Data Service (CZDS).
In an email alert sent this morning, ICANN said it believes a spear phishing attack in November resulted in several ICANN staff members' email credentials being compromised. The stolen passwords were then used to gain unauthorised access to multiple ICANN systems, which could have resulted in other usernames and passwords being compromised.
Full Article: http://news.netcraft.com/archives/2014/12/17/icann-hit-by-successful-spear-phishing-attack.htmlOrganisations concerned about these types of attack can use Netcraft's Fraud Detection service, which processes DMARC (Domain-based Message Authentication, Reporting and Conformance) reports on your behalf. These reports are sent by ISPs and e-mail receivers when they see any emails which claim to be from one of your own domains. A web interface shows the status of all of your own domains, any configuration changes required, and highlights unprotected domains being used by fraudsters attacking your customers.
It took quite a bit of effort, but it's worth the extra security.
