Google's Malaysia site latest to be felled in DNS attacks

Google is the latest victim of an ongoing spate of attacks on DNS records

Google's website for Malaysia was briefly tampered with on Friday, underscoring continuing weaknesses in entities administering crucial website address database records.

The site, "," was functioning normally later on Friday, but had briefly displayed a page put in place by the hackers.

A group calling itself "Team Madleets" claimed responsibility for the hack on Facebook. On its Facebook page, the group claimed to have modified Google domains for Serbia, Kenya, Burundi and Pakistan over the last few weeks.

The country-code top-level domain ".my" is administered by the Malaysia Network Information Center (MYNIC). An official contacted Friday morning said the organization was investigating a DNS (Domain Name System) attack. It wasn't immediately clear how the group performed the attack.

The DNS is a distributed database that allows a domain name to be translated into an IP address that can be requested by a Web browser. Companies and organizations that hold those records have come under attack by hackers in recent weeks.

Attackers have found success in capturing login credentials for people authorized to modify the records through targeted email attacks known as spear phishing.

If a DNS record is modified, it can cause a person looking for a website to be redirected to a different one controlled by the hacker. That's dangerous because the site a person is redirected to could be engineered to attack a person's computer and deliver malicious software.
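A defender-side check for the record tampering described above, as an added example that is not part of the original article: it compares polled NS and A records against a pinned baseline and reports drift. The names, addresses, baseline layout and finding labels are all constructed for illustration.

```python
import ipaddress

# Pinned baseline for one monitored name. All values are constructed for this
# example (reserved documentation names and RFC 5737 address ranges).
BASELINE = {
    "www.example.com": {
        "ns": {"ns1.example.net", "ns2.example.net"},
        "networks": ["192.0.2.0/24"],
    },
}

# Constructed observations, as a job polling public resolvers might record them.
OBSERVATIONS = [
    {"name": "www.example.com", "ns": ["NS1.Example.NET.", "ns2.example.net"],
     "a": ["192.0.2.10"]},                      # normal; differs only in case/dot
    {"name": "www.example.com",
     "ns": ["ns1.other-host.example", "ns2.other-host.example"],
     "a": ["203.0.113.66"]},                    # delegation replaced upstream
    {"name": "www.example.com", "ns": ["ns1.example.net", "ns2.example.net"],
     "a": ["192.0.2.10", "198.51.100.7"]},      # delegation intact, stray address
]


def normalize(host):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return host.rstrip(".").lower()


def check_observation(obs, baseline=BASELINE):
    """Return a list of (finding, details) tuples; empty means no drift."""
    expected = baseline.get(normalize(obs["name"]))
    if expected is None:
        return [("NO_BASELINE", [obs["name"]])]
    findings = []
    unexpected_ns = {normalize(h) for h in obs["ns"]} - expected["ns"]
    if unexpected_ns:
        findings.append(("NS_CHANGED", sorted(unexpected_ns)))
    nets = [ipaddress.ip_network(n) for n in expected["networks"]]
    stray = [ip for ip in obs["a"]
             if not any(ipaddress.ip_address(ip) in net for net in nets)]
    if stray:
        findings.append(("A_OUTSIDE_BASELINE", stray))
    return findings


if __name__ == "__main__":
    for obs in OBSERVATIONS:
        print(obs["name"], check_observation(obs) or "ok")
```

An NS_CHANGED finding is the one to alert on first: a changed delegation means the tampering happened at the registrar or registry, outside the domain owner's own DNS servers.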

Team Madleets describes itself as an ethical hacking group on its Facebook page. In a post, it said the MYNIC hack was not the "result of any kind of hate."

Google did not immediately comment on the attack.

Top-level domains such as ".com" and country-code top-level domains are held by a variety of companies and organizations. The security of those records is managed by those companies and is often mostly out of the control of the entities whose DNS records they hold.

A string of prominent companies have been affected by DNS hacks recently, including the New York Times, Huffington Post, Twitter and LeaseWeb.

Earlier this week, a pro-Palestinian group gained entry to Network Solutions' network and modified DNS records for the websites of the security companies AVG and Avira; the messaging platform WhatsApp; RedTube, a pornography site; and Alexa, a Web metrics company.

Send news tips and comments to Follow me on Twitter: @jeremy_kirk
