Security Practice Lead
Recently, DNS focused attacks have been on the rise targeting government and critical infrastructure organizations. Consequently, Integration Partner’s recommends the following to lower your risk of DNS compromise:
- Regularly verify DNS records to ensure they’re resolving as intended and not redirected elsewhere. This will help spot any active DNS hijacks.
- Update DNS account passwords. This will disrupt access to accounts an unauthorized actor might currently have.
- Add multi-factor authentication to the accounts that manage DNS records. This will also disrupt access, and harden accounts to prevent future attacks.
- Monitor Certificate Transparency logs for certificates issued that the agency did not request. This will help defenders notice if someone is attempting to impersonate them or spy on their users.
We hope this will help you continue to defend your information assets and please reach out to us if you need any assistance.
DHS Statement on ED19-01: https://cyber.dhs.gov/directives/
Cisco Talos: https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html