Dell Customer Support Domain Was Left Unattended for a Month

Posted on the 22 November 2017 by Darkwebnews @darkwebnews

For about a month, the primary domain used by Dell Inc. for purposes of backup and recovery was compromised.

This left Dell customers vulnerable to scams by malicious attackers.

The website was created by the corporation to help customers recover their computers' data.

It was set up to save unsuspecting customers from losing their data to malware or ransomware attacks.

To take note of the customers' needs, Dell came up with a strategy to collect general feedback from their buyers. The company installs a program called the Dell Backup and Recovery Application on all their computers.

The organization named the domain "dellbackupandrecoverycloudstorage.com," which is used by almost all its customers.

This website helps users of Dell products restore the factory settings on their computers in case of an operating system failure.

It is a vital feature taking into consideration the fact that malware and ransomware attacks have been on the rise this year.

The pre-installed software on all Dell computers is used by the company to monitor the progress of the data recovery process. If by any chance the domain is compromised, it is likely to put customers at risk of malicious attacks and scams.

By helping their users back up their files, Dell has been able to mitigate both minor and significant calamities associated with malware attacks.

Although the program is presumed to be available to all customers, Dell has divided it into two simplified versions.

These are the basic and the premium packages, which come with different merits and features.

A company named SoftThinks was mandated to maintain the domain dellbackupandrecoverycloudstorage.com on behalf of Dell.

This company held that responsibility from 2013 until June 2017.

But problems surfaced when SoftThinks ended up losing control of the domain under unclear circumstances. It was speculated that the company did not renew the domain, which led to a cyber attack.

Dell was slow to respond to the incident, despite the influx of many complaints from customers. Owing to the risk posed by the attack, which might have led customers' data to be compromised, most antivirus products identified the domain as a virus.

It was confirmed that a Germany-based company by the name teaminternet.com was the new owner of the domain.

This company is responsible for selling typosquatting traffic, as explained by prolific security researcher Brian Krebs.

According to Krebs' analysis of the breach, the domain was soon identified as being susceptible to malware.

This was made so with the help of security tools like and Carbon Black.

These two tools did identify the domain as a threat to Dell computer users and also as a propagator of the dreaded ransomware. This raised fears among all interested parties, including Dell and its customers, who were oblivious to the malicious attack.

Dell has come out to clear the air with its customers and defend its name on this matter. They made a few press statements in October to confirm that they had abandoned the domain.

According to Krebs, there is no direct indication that the attack on the domain was used to propagate ransomware.

The researcher also added that there doesn't seem to be any evidence that malware has entered users' personal computers, although it's possible that malware may have been disseminated by the domain before the company regained control of it.

In the recent past, more problems of this kind have been identified, with domain hosting companies failing to register and update a domain name.

This yields a major security threat.

The most recent and widely covered case happened with U.S.-based credit reporting giant Equifax earlier this year.

After the system was compromised, exposing millions of consumers' personal information to potential hackers, Equifax set up a website that was separate from the main subdomain of Equifax.com.

The goal was to offer assistance to consumers who were impacted by the breach.

Phishing attackers quickly took advantage of the opportunity to create a fake website that mimicked the look and domain of the original Equifax security site.

And on several occasions, the company carelessly referred customers to the URL of the fake site, which had been taken over by phishing attackers.

This has increased fears of similar cases spreading to other domain hosting companies.

This attack on Dell Inc. has come at a time when most of its customers have had complaints that are related to one another.

These complaints include scammers calling customers and pretending to be from the legitimate Dell customer care line.

Some scammers managed to convince Dell customers of their legitimacy by providing them with the unique identification code which is on the back side of each customer's computer.

This has raised concern over whether any crucial data might have been compromised during the one-month breach.

Most security experts have come to a near-unanimous conclusion that the attack on Dell's backup and recovery domain might have compromised a significant volume of vital customer information.

Although some months have passed since and the problem was only noticed recently, Dell has tried to keep statements about the breach to a minimum.

The silence brings about questions of whether there are measures to mitigate such a problem in the future.

This is because users are not given any choice on whether the recovery and backup program should be installed on their computers before purchase.
