January 28, 2019

Rise of DNS Attacks

Tags: ,


Patrick Zanella
Security Practice Lead

Recently, DNS focused attacks have been on the rise targeting government and critical infrastructure organizations. Consequently, Integration Partner’s recommends the following to lower your risk of DNS compromise:

  • Regularly verify DNS records to ensure they’re resolving as intended and not redirected elsewhere. This will help spot any active DNS hijacks.
  • Update DNS account passwords. This will disrupt access to accounts an unauthorized actor might currently have.
  • Add multi-factor authentication to the accounts that manage DNS records. This will also disrupt access, and harden accounts to prevent future attacks.
  • Monitor Certificate Transparency logs for certificates issued that the agency did not request. This will help defenders notice if someone is attempting to impersonate them or spy on their users.

 

We hope this will help you continue to defend your information assets and please reach out to us if you need any assistance.


REFERENCES

DHS Statement on ED19-01: https://cyber.dhs.gov/directives/
US-CERT: https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
FireEye: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Cisco Talos: https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html

Contact us to have a conversation around your DNS strategy

  • This field is for validation purposes and should be left unchanged.