EC-Council Recovers from Cyber-Attack

Hacker Defaced Site, Compromised Accounts
EC-Council Recovers from Cyber-Attack

The EC-Council, which offers certifications and training programs for information security practitioners, is recovering from what it describes as a DNS poisoning attack that led to site outages, website defacement and unauthorized access to certain customers' e-mail accounts.

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion

The domain registrar that the council uses was compromised, which led to the Feb. 22 attack, according to a March 12 statement from the council. The council did not reveal the name of the registrar.

EC-Council security team members had difficulties immediately reaching the appropriate domain registrar personnel to address the situation because the attack happened during the weekend, the statement says. The hacker, as a result, maintained control of the registrar's system and the EC-Council domain during that time period.

During the attack, the domain registrar was unable to secure their servers to a level desired by the EC-Council, and, as a result, the domain registrar was exposed at least two more times to the hacker, the council says. The council experienced a site outage while moving the entire domain to another provider. "Simultaneously, the EC-Council security team instituted additional countermeasures to other EC-Council systems within their direct control and began strengthening other security measures organization-wide," the council says.

Once the hacker obtained domain privileges, the attacker then issued a password reset request to the council's cloud-based e-mail service provider. "This circumvented EC-Council's best practices of using complex passwords and two-factor authentication," the statement says. The hacker then was able to compromise a small number of e-mail accounts, which resulted in unauthorized access to messages in those specific e-mail inboxes for a brief period. The council says approximately 2 percent of its customer base had their accounts compromised.

The EC-Council so far has not determined if any data was compromised in the e-mail accounts the hacker accessed. Customers are being notified about the incident.

The council did not immediately respond to a request for further information.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.