The National Cyber Security Centre (NCSC), an organisation of the UK Government that provides cybersecurity advice and support for the public and private sector, published an article earlier this year relating to a recent large-scale global DNS hijacking campaign. The article discusses the risks and solutions for protecting organisations against such attacks, whereby the Domain Name System (DNS) records of websites are changed and visitors are subsequently redirected to malicious websites.
In simple terms, the DNS is the service that helps internet users navigate to a domain name by correctly pointing the web browser to an IP address. DNS hijacking does not just impact internet traffic but also email and other kinds of connections to services on the hijacked domain name.
- According to a recent report by Avast, over the last year, a large number of Brazilian users have been targeted with router attacks. The report claims that the DNS settings of more than 180,000 Brazilian routers have been modified by attackers in the first six months of 2019.
- Earlier this month, Cisco Talos also published a report on recently noticed activities from Sea Turtle, a threat group that uses DNS hijacking techniques for cyber-espionage purposes.
The NCSC had first noticed the attempts by attackers to hijack DNS earlier in the year. At the time, the NCSC published an alert to warn organisations, and also revealed that the hijacking campaign had hit several government and commercial organisations worldwide. While most of the affected entities were located in the Middle East region, some organisations were also targeted in the US and Europe.
Domain name hijacking is not new, and although there is no perfect solution to prevent such security breaches, there are actions that domain name owners can take to limit the impact of these attacks on their web services and users, such as:
- Enabling HTTPS for all web applications and services hosted on a domain name.
- Using strong, unique passwords.
- Enabling multi-factor authentication where available.
- Regularly checking the details linked to the account and ensuring that they are up to date and point to the organisation rather than an individual.
- Restricting access to the account only to specific personnel in the company.
- Implementing Registrar/Registry Lock services where possible.
- Implementing SSL monitoring and implementing Domain Name System Security Extensions (DNSSEC) where available.
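Several of the checks above can be run on a schedule against an approved baseline. The following Python is an added example, not taken from the NCSC article or from this post: it compares an observed snapshot of a domain (name servers, address and mail records, registrar lock statuses, DNSSEC delegation) with the approved state and reports what changed. The function names and sample data are constructed for illustration, and collecting the snapshot from DNS and registration data is assumed to happen elsewhere.

```python
# Added example: hypothetical names, constructed data; runs offline.
# Standard EPP status codes that a registrar lock sets on a domain.
LOCK_STATUSES = {"clientTransferProhibited", "clientUpdateProhibited",
                 "clientDeleteProhibited"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2}

def norm(values):
    """Lower-case and drop the trailing dot so equivalent names compare equal."""
    return {v.strip().lower().rstrip(".") for v in values}

def audit_domain(baseline, observed):
    """Return (severity, message) findings, most severe first.

    Both dicts hold NS/A/MX lists, 'status' (EPP codes) and 'dnssec'
    (True when a DS record is published at the parent zone).
    """
    findings = []
    # An unexpected NS means the whole zone is answered by someone else.
    for rtype, sev in (("NS", "critical"), ("A", "high"), ("MX", "high")):
        want, got = norm(baseline.get(rtype, [])), norm(observed.get(rtype, []))
        if got - want:
            findings.append((sev, f"{rtype} unexpected: {sorted(got - want)}"))
        if want - got:
            findings.append(("medium", f"{rtype} missing: {sorted(want - got)}"))
    absent = LOCK_STATUSES - set(observed.get("status", []))
    if absent:
        findings.append(("medium", f"lock status absent: {sorted(absent)}"))
    if baseline.get("dnssec") and not observed.get("dnssec"):
        findings.append(("critical", "DS record no longer published"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])

# Constructed sample: approved state and a snapshot after tampering.
BASELINE = {"NS": ["ns1.example.org.", "ns2.example.org."],
            "A": ["192.0.2.10"], "MX": ["mail.example.org."],
            "status": sorted(LOCK_STATUSES), "dnssec": True}
OBSERVED = {"NS": ["ns1.unknown-host.example."],
            "A": ["203.0.113.50"], "MX": ["MAIL.example.org"],
            "status": ["clientTransferProhibited"], "dnssec": False}

if __name__ == "__main__":
    for severity, message in audit_domain(BASELINE, OBSERVED):
        print(f"[{severity}] {message}")
```

A name server change is ranked above an address change because it hands control of every record in the zone, including mail routing, to whoever operates the new server.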
Although large-scale global DNS hijacking generally targets large corporations, there are also simpler preventative measures that individual consumers can take, such as installing the latest firmware and checking that websites have valid security certificates.
This post is selected from our Anchovy News publication.