
WEEKLY COMMENTS

The US Department of Homeland Security has issued an emergency directive to halt a widespread domain name system (DNS) hijacking campaign. The attacks have been traced to Iran-based threat actors who use compromised credentials to access the targeted organisations' DNS records. The attackers then change where the organisation's domain name resources resolve, redirecting user traffic to attacker-controlled infrastructure. The redirection allows the threat actors to obtain valid encryption certificates for the organisation's domain names, enabling man-in-the-middle attacks. The ongoing campaign has affected domains belonging to government, telecommunications and Internet service provider organisations in the Middle East, North Africa, Europe and North America. Organisations can mitigate DNS hijacks by using strong passwords and enabling two-factor authentication to secure their DNS accounts. They should also monitor and audit their DNS records for illegitimate activity, such as unexpected changes to name server records and the use of unauthorised certificates.
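The audit recommended above, as an added example that is not taken from the alert or from Ensign: it compares an observed DNS snapshot with an approved baseline, lists certificates missing from the organisation's own inventory, and reports names that show both signs together. All names, addresses and serials are constructed; the assumption is that the snapshot comes from routine resolver queries and the certificate list from certificate transparency monitoring.

```python
# Constructed sample data (example.org and documentation address ranges).
BASELINE = {  # approved records: (name, type) -> expected values
    ("example.org.", "NS"): {"ns1.example.org.", "ns2.example.org."},
    ("www.example.org.", "A"): {"192.0.2.10"},
    ("mail.example.org.", "A"): {"192.0.2.25"},
}
OBSERVED = {  # what resolvers return today
    ("example.org.", "NS"): {"ns1.example.org.", "ns2.example.org."},
    ("www.example.org.", "A"): {"192.0.2.10"},
    ("mail.example.org.", "A"): {"198.51.100.77"},
}
# Serials of certificates the organisation requested itself (constructed).
AUTHORISED_CERTS = {"0a:01", "0a:02"}
# Certificates seen in issuance logs for the domain (constructed).
SEEN_CERTS = [
    {"serial": "0a:01", "names": ["www.example.org"], "issuer": "Example CA"},
    {"serial": "7F:E3", "names": ["mail.example.org"], "issuer": "Other CA"},
]

def normalise(value):
    return value.strip().lower()

def audit_dns(baseline, observed):
    """Return one finding per record set that differs from the baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want = {normalise(v) for v in baseline.get(key, set())}
        have = {normalise(v) for v in observed.get(key, set())}
        if want != have:
            findings.append({"name": normalise(key[0]), "type": key[1],
                             "added": have - want, "removed": want - have})
    return findings

def audit_certs(authorised, seen):
    """Return certificates whose serial is not in the organisation's inventory."""
    return [c for c in seen if normalise(c["serial"]) not in authorised]

def correlate(dns_findings, cert_findings):
    """Names with both a changed record and an unknown certificate."""
    changed = {f["name"].rstrip(".") for f in dns_findings}
    return sorted({normalise(n) for c in cert_findings for n in c["names"]
                   if normalise(n) in changed})

if __name__ == "__main__":
    dns = audit_dns(BASELINE, OBSERVED)
    certs = audit_certs(AUTHORISED_CERTS, SEEN_CERTS)
    for f in dns:
        print("DNS change:", f)
    for c in certs:
        print("Unknown certificate:", c)
    print("Investigate first:", correlate(dns, certs))
```

A name that appears in both lists matches the sequence described in the paragraph (record change followed by certificate issuance) and is the first one to investigate.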

References:
[1] Alert (AA19-024A): DNS Infrastructure Hijacking Campaign

Ensign InfoSecurity Singapore