US Government Announces Emergency Measures To Halt DNS Hijacking

Yesterday, the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to address ongoing incidents associated with global Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them. The directive requires Federal agencies to take specific steps and comply with reporting procedures to mitigate risks from undiscovered tampering, prevent illegitimate DNS activity, and detect unauthorized certificates.

https://twitter.com/JamesConley/status/1087962808099188736

Emily Hacker, Security Researcher at DomainTools:

“DNS hijacking is a particularly dangerous attack technique due to the wide variety of malicious activity that it can facilitate. Whether the redirected traffic is used for phishing purposes, or in order to provide targeted advertisements to people using specific websites, it can be a powerful malicious tool in the wrong hands. Given that these websites are associated with government and infrastructure targets and the attribution points in the direction of Iran, it is fairly likely that the aim of this hijacking campaign is espionage. This should be taken extremely seriously, and the organizations whose websites have been affected should take the necessary preventative measures in order to avoid further situations such as this.”
