EC-Council Recovers from Cyber-Attack
Hacker Defaced Site, Compromised Accounts
The EC-Council, which offers certifications and training programs for information security practitioners, is recovering from what it describes as a DNS poisoning attack that led to site outages, website defacement and unauthorized access to certain customers' e-mail accounts.
The domain registrar that the council uses was compromised, which led to the Feb. 22 attack, according to a March 12 statement from the council. The council did not reveal the name of the registrar.
EC-Council security team members had difficulties immediately reaching the appropriate domain registrar personnel to address the situation because the attack happened during the weekend, the statement says. The hacker, as a result, maintained control of the registrar's system and the EC-Council domain during that time period.
During the attack, the domain registrar was unable to secure their servers to a level desired by the EC-Council, and, as a result, the domain registrar was exposed at least two more times to the hacker, the council says. The council experienced a site outage while moving the entire domain to another provider. "Simultaneously, the EC-Council security team instituted additional countermeasures to other EC-Council systems within their direct control and began strengthening other security measures organization-wide," the council says.
After obtaining domain privileges, the hacker issued a password reset request to the council's cloud-based e-mail service provider. "This circumvented EC-Council's best practices of using complex passwords and two-factor authentication," the statement says. The hacker was then able to compromise a small number of e-mail accounts, which resulted in unauthorized access to messages in those specific e-mail inboxes for a brief period. The council says approximately 2 percent of its customer base had their accounts compromised.
The EC-Council so far has not determined if any data was compromised in the e-mail accounts the hacker accessed. Customers are being notified about the incident.
The council did not immediately respond to a request for further information.