How to keep out the DNS Hijackers

Acorn Newsbot

If we needed further evidence of the importance of monitoring and securing the Domain Name Systems (DNS) of our businesses and infrastructure, it has now arrived. In the past few weeks there has been international alarm over a campaign of DNS hijacking that strongly appears to be state-sponsored. International infrastructure has been targeted, and the world’s top cyber security professionals are now trying to gather intelligence to better understand this alarming threat – and ensure we are protected against it.

DNS hijacking is not a new threat vector. It refers to the practice of ‘hijacking’ the DNS to intercept the data that passes between user and nameserver. It has been used previously to spread political messages – for example, eBay and PayPal were hijacked by the ‘Syrian Electronic Army’ for ‘denying Syrian citizens the ability to purchase online products’. It can also be an effective way for criminals to gather credentials from sites such as eBay; the criminal redirects the request to an almost-identical website and observes as users enter account names and passwords.

The most worrying incident of DNS hijacking in recent years was against a Brazilian bank in 2017, and it was extraordinary for its sophistication. The criminals redirected well-meaning customers to a website that looked identical to their bank, complete with SSL certification to ‘validate’ the security of the site. The criminals maintained control of the banking sites for five to six hours, researchers now believe, and the cost of the damage is still unknown. The world was shaken – and so we are again.

Both the US and UK Governments have put out warnings over the current spate of DNS hijacking activity amid concern that this attack vector is now becoming a weapon in the arsenal of cyber warfare. The National Cyber Security Centre has confirmed it is currently investigating but has reassured that there are no compromised entities in the UK. We are working with NCSC in their investigations and can echo their reassurance.

The main body of targets appears to have been in the Middle East, but that doesn’t mean the spotlight won’t shift in time. This alarm gives us an impetus to pay more attention to the security of the DNS on which we rely, and to be reminded of the different, ingenious ways criminals can intercept data and hack systems.

Reassuringly, there are steps we can take to make DNS hijacking almost impossible. Following attempts on Nominet’s systems a number of years ago, we promptly implemented two-factor authentication (2FA) across our systems and Domain Lock for our registrars.

While 2FA helps verify authenticity, Domain Lock is a tool by which registrars can literally ‘lock’ domains so that no changes can be made without thorough authentication of the domain name owner via 2FA. We have seen no activity since the introduction of these tools but will be using the current noise about DNS hijacking to remind any registrars not already signed up of best practice. Unfortunately, 2FA can be unpopular because it ‘slows down’ authentication. I imagine similar feelings were expressed when seatbelts were first made a legal requirement, but then they started saving lives and we rearranged our priorities. It’s time to do the same with regard to cyber security.

And it is not just for registrars, businesses and Government to worry about the security – or vulnerability – of the DNS. Consumers also must take more care, especially as recent reports show that criminals are hijacking home routers as a means of getting into corporate systems. The rise in home working allows for access to remote organisations via home routers, and both companies and their employees need to make sure they are taking the proper precautions, using a VPN to add 2FA whenever staff are working outside the office.

The ubiquity of technology is dulling too many to the threats and risks that lurk online. This current alarm over DNS hijacking is a heady reminder of the importance of the DNS, both for the good guys and the bad. We must ensure we are all taking the necessary steps to keep ourselves, our businesses and our nations safe.

Find out more about Nominet’s Cyber Security Services. Read about Cath’s career in cyber security in her blog.

The post How to keep out the DNS Hijackers appeared first on Nominet.
