The U.S.-based nonprofit Internet Corporation for Assigned Names and Numbers (ICANN) says that some of its staff became the target of a "spear phishing" attack after receiving emails that used "icann.org" addresses.
Believing that the emails came from within the organization, several ICANN staff members had their email credentials compromised as a result of the attack.
The attack seemed to have started in late November. Normally, spear-phishing attacks are aimed at making people click on links to pages that appear to be valid email log-in pages but are not. Apart from being tricked into clicking malicious links, some became victims when they opened attached files loaded with viruses.
"The attack involved email messages that were crafted to appear to come from our own domain being sent to members of our staff," said ICANN.
After obtaining these credentials, the hackers were able to access the organization's other systems. These include the ICANN GAC Wiki, the Centralized Zone Data System, the ICANN Blog and the WHOIS information portal.
Of all the attacked systems, the one that had the most sensitive account-holder information exposed is the Centralized Zone Data System. ICANN has advised account holders to change their passwords immediately. They should also remain alert to similar spear-phishing attacks, as the illegal entry had surely exposed other types of information. These would include information entered by users, such as names, usernames, passwords, telephone and fax numbers, email addresses and postal addresses.
ICANN has deactivated all the passwords in the system as a precaution, even though the passwords were kept as salted cryptographic hashes.
Since the organization is responsible for controlling the domain name system of the Internet, ICANN is susceptible to attacks from hackers who want to gather data to breach other targets. The organization believed that the attacks were at least limited and didn't pose a deep threat as a result of security enhancements that were made earlier this year. ICANN said that the organization has instituted additional defense measures since the breach.
"We are providing information about this incident publicly, not just because of our commitment to openness and transparency, but also because sharing of cybersecurity information helps all involved assess threats to their systems," added ICANN.