Cybersecurity company Palisade reported on a serious vulnerability that threatened all domain names registered in Tonga’s ccTLD .TO. The domain registry, Tonga Network Information Center (TONIC), provides the ability to register new domain names and renew those already registered directly on its website. However, Palisade determined that the site was vulnerable to SQL injection attacks.
This could potentially allow attackers to gain access to plaintext master passwords. Attackers could then change the DNS settings for a domain in .TO and, for example, redirect traffic from the corresponding resources to their own servers. .TO domains are very popular with large companies. For example, Google uses the Google.to domain, while Amazon, Uber, and Verizon use .to domains for link-shortening services. Finally, the official website of the popular cryptocurrency Tether runs on Tether.to and is used to carry out transactions worth many hundreds of thousands of dollars every day. If cybercriminals took control of any of these domains, even for a short time, the consequences would be nothing short of disastrous.
Fortunately, this never happened. Upon discovering the problem, Palisade employees immediately notified TONIC, which responded with maximum efficiency and professionalism: the vulnerability was fixed within 24 hours. There is no evidence that the vulnerability was previously exploited by cybercriminals. The incident took place back in October, but Palisade has only now disclosed information about it.