Weekly Comments

22 - 29 January 2019

The US Department of Homeland Security has issued an emergency directive to halt a widespread domain name system (DNS) hijack campaign.
The attacks have been traced to Iran-based threat actors who used compromised credentials to access the targeted organisations' DNS records. The attackers then modify those records so that the organisation's domain name resources resolve to attacker-controlled infrastructure, redirecting user traffic. The redirection allows the threat actors to obtain valid encryption certificates for the organisation's domain names, enabling man-in-the-middle attacks. The ongoing campaign has affected domains belonging to government, telecommunication and Internet Service Providers in the Middle East, North Africa, Europe and North America. Organisations can mitigate DNS hijacks by using strong passwords and enabling two-factor authentication to secure their DNS accounts. They should also monitor and audit their DNS records to check for illegitimate DNS activity, such as unexpected changes to name server records and the use of unauthorised certificates.
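The monitoring step described above can be sketched as a baseline comparison; this is an added example, not code from the alert or from the authors of this page. The snapshot format, function names and all sample records and certificates are assumptions constructed for illustration.

```python
# Added example. Every name, address and certificate below is a constructed sample value.
def norm(value):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return value.strip().lower().rstrip(".")

def audit_records(baseline, observed):
    """Compare {(name, rtype): set(values)} snapshots; return one finding per changed record set."""
    def canon(snap):
        return {(norm(n), t.upper()): {norm(v) for v in vals} for (n, t), vals in snap.items()}
    base, seen = canon(baseline), canon(observed)
    findings = []
    for key in sorted(set(base) | set(seen)):
        expected, current = base.get(key, set()), seen.get(key, set())
        if expected != current:
            findings.append({
                "name": key[0], "type": key[1],
                "severity": "critical" if key[1] == "NS" else "high",  # NS change moves the whole zone
                "added": sorted(current - expected), "removed": sorted(expected - current),
            })
    return findings

def audit_certs(authorised, sightings):
    """Return certificate sightings whose (issuer, serial) the organisation did not request."""
    return [c for c in sightings if (c["issuer"], c["serial"].upper()) not in authorised]

def correlate(record_findings, cert_findings):
    """Names with both a record change and an unauthorised certificate: the pattern in the alert."""
    changed = {f["name"] for f in record_findings}
    return sorted({norm(c["name"]) for c in cert_findings} & changed)

BASELINE = {
    ("example.org", "NS"): {"ns1.dns-host.example.", "ns2.dns-host.example."},
    ("mail.example.org", "A"): {"192.0.2.10"},
    ("www.example.org", "A"): {"192.0.2.20"},
}
OBSERVED = {  # constructed snapshot, as a scheduled resolver job might collect it
    ("example.org", "NS"): {"NS1.dns-host.example", "ns2.dns-host.example"},  # same set, other form
    ("mail.example.org", "A"): {"203.0.113.77"},                               # changed
    ("www.example.org", "A"): {"192.0.2.20"},
}
AUTHORISED_CERTS = {("Example CA", "0A1B2C")}
CERT_SIGHTINGS = [  # constructed, as a Certificate Transparency monitor might report them
    {"name": "www.example.org", "issuer": "Example CA", "serial": "0a1b2c"},
    {"name": "Mail.example.org", "issuer": "Other CA", "serial": "FF0099"},
]
if __name__ == "__main__":
    r, c = audit_records(BASELINE, OBSERVED), audit_certs(AUTHORISED_CERTS, CERT_SIGHTINGS)
    print(r, c, correlate(r, c), sep="\n")
```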

References:
[1] Alert (AA19-024A): DNS Infrastructure Hijacking Campaign
 
 
