Image

Image

Image

Unfortunately, Lenovo has been the victim of a cyber attack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public facing website. We regret any inconvenience that our users may have if they are not able to access parts of our site at this time. We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information and experience. We are also working proactively with 3rd parties to address this attack and we will provide additional information as it becomes available.It's easy to pick on Lenovo at the moment, but no company should be fooled into thinking that they're not also potentially a target for a similar attack. Even Google found out to its cost earlier this week that it could be plagued by similar mischief-making, after Lizard Squad disrupted the Google Vietnam site via a similar hijack. DNS hijacking appears to be a growing threat, and is a technique not only used by the Lizard Squad hacking gang but also the Syrian Electronic Army and other online criminals. The damage that can be done to a corporate brand through hackers hijacking your website's DNS records are considerable, and many customers may assume that your own computers have been hacked. Companies which wish to protect their websites, and indeed any emails that are being sent to them, need to ask their domain name registrar what steps they are taking to protect against such attacks. For instance, the introduction of two-factor authentication and domain locking can help prevent unauthorised changes to DNS records and may deter hackers. You can also ask registrars if they are implementing DNS Security Extensions (DNSSEC), which can increase a user's trust that they are visiting the site that they intended. Unfortunately, at the moment, many registrars are not providing DNSSEC, leaving it up to website owners to put their trust that registrars services don't have vulnerabilities, and that other security practices (strong passwords and two-factor authentication) will be enough to protect their records from meddling by hackers. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. If you are interesting in contributing to The State of Security, contact us here.
Resources:
Image
