GDT Webinar Series – How to Fail at Security? Reserve Your Spot
Contact

Last week’s DHS “alert” upgraded to "an emergency directive”

  • GDT
  • January 23, 2019

Last week, the US Department of Homeland Security (DHS) issued an alert through its US-CERT (Computer Emergency Readiness Team) division concerning repeated DNS hijacking attacks. Apparently, the alert was well deserved. Yesterday, it was significantly upgraded to an emergency directive due to a spate of recent DNS hijacking incidents that have originated in Iran.

Last week’s alert was due to a recent report published by FireEye, a California-based cybersecurity firm. In it, they provided details concerning a coordinated hacking campaign led by an Iranian cyber-espionage group that had manipulated DNS records for both government agencies and private enterprises.

The hijackers’ end game? Redirect traffic meant for email servers to malicious clones, after which they’ll scan for and gather treasured login credentials.

The Directive

The DHS emergency directive orders all government agencies to carefully audit its DNS records and look for unauthorized changes, especially any related to passwords. And it directs them to enable multi-factor authentication for those accounts that can be managed through DNS records.

In addition, they urge all IT personnel to monitor Certificate Transparency (CT) for recently-issued TLS certificates used for government domains. Also, to pay special attention to any requested by non-government employees.

How does DNS Hijacking work?

In the simplest of definitions, DNS hijacking is simply a means of redirecting traffic to a phony website. As a quick refresher, DNS was invented to translate complex, impossible-to-memorize IP addresses into something that’s far easier to remember (like, for instance, gdt.com—much easier to commit to memory than nine (9) numbers listed in no intuitive, commonsensical order).

When you type in a website’s name, the DNS is called on to direct traffic to its corresponding IP address. Usually your ISP maintains the DNS servers, and if a hacker can crack into them, let the hijacking hijinks begin. From there, they can change victims’ DNS records to point traffic toward their servers. Then their party starts. They capture as much login information as they can stomach.

Who has been affected by the attack?

Currently, the DHS, according to a report published by Cyberscoop, a multimedia provider of cybersecurity-related news and information, is aware of six (6) civilian organizations that have fallen victim to this particular DNS hijacking attack. What the DNS doesn’t know yet is how many government agencies have been affected. In its directive, they outlined a four-step action plan to address the issue. All government agencies have been given ten (10) business days to complete it.

Security Concerns?

To find out how to secure your organization’s network and mission critical data, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

Author

Share this article

You might also like:

See All

Are You Ready for Google’s 90-Day TLS Certificate Validity Limit?

Transport layer security (TLS) is one of the most common tools for keeping users safe on the internet. When automated, TLS certification management can help organizations ensure more reliable and consistent use of TLS, reducing the need for human intervention and risk of human error. In fact, over the years,

GDT Security VP on Leveraging AI & Machine Learning in Cybersecurity

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion

Guard Against the “Elite Eight” Cybersecurity Threats of 2024

NCAA basketball coaching legend Bobby Knight once said: “Good basketball always starts with a good defense.” Winning teams understand their opponents’ strengths and weaknesses, as well as their own. They study their opponents’ plays and anticipate their next moves. The same concept is true for cybersecurity, which is why, at

Stay up-to-date with the industry

Fill out the form and get started!

GDT needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Privacy Policy.

GDT Innovation Campus | 999 Metromedia Place Dallas, TX 75247 | 214.857.6100

Stay up to date

Copyright © 2019-2024 General Datatech, LP. All rights reserved. GDT names and logos are trademarks, or trademarks Reg. U.S. Pat. & TM Office, of General Datatech, LP and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned or reflected herein are the property of their respective owners. Additionally, the use of the word “partner” does not imply a legal partnership relationship between GDT and any other company.

Connect with us

Copyright © 2019-2024 General Datatech, LP. All rights reserved. GDT names and logos are trademarks, or trademarks Reg. U.S. Pat. & TM Office, of General Datatech, LP and/or its affiliates in the U.S. and other countries. Third-party trademarks mentioned or reflected herein are the property of their respective owners. Additionally, the use of the word “partner” does not imply a legal partnership relationship between GDT and any other company.