The U.S. Department of Homeland Security (DHS) has today issued an "emergency directive" to all federal agencies, ordering IT staff to audit the DNS records for their respective website domains, or any other agency-managed domains, within the next 10 business days.
The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking, which security researchers with "moderate confidence" believe originated from Iran.
The Domain Name System (DNS) is a key function of the Internet that works as the Internet's directory: after you enter a human-readable web address (e.g., thehackernews.com), your device looks up the server's IP address in it.
What is DNS Hijacking Attack?
DNS hijacking involves changing the DNS settings of a domain, redirecting victims to an entirely different attacker-controlled server hosting a fake version of the website they are trying to visit, often with the objective of stealing users' data.
"The attacker alters DNS records, like Address (A), Mail Exchanger (MX), or Name Server (NS) records, replacing the legitimate address of a service with an address the attacker controls," the DHS advisory reads.
The threat actors have been able to do so by capturing credentials for admin accounts that can make changes to DNS records. Since the attackers obtain valid certificates for the hijacked domain names, having HTTPS enabled will not protect users.
"Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization's domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data," the directive reads.
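The audit the directive orders comes down to comparing a domain's live A, MX and NS records against a known-good baseline and flagging anything that differs. The following is an added example, not code from the directive or from DHS; the domain, addresses and name servers are constructed placeholders, and in a real audit the observed records would come from resolver queries or the DNS provider's API rather than an inline dictionary.

```python
# Added example: audit DNS records against an approved baseline.
# Both inputs map (record name, record type) -> set of record values.
# Data is constructed inline so the check runs offline.

RECORD_TYPES = ("A", "MX", "NS")  # the record types the advisory names


def audit_records(baseline, observed):
    """Return findings as (name, rtype, kind, value) tuples.

    kind is 'unexpected' for a value present live but absent from the
    baseline (the hijack signature: a record now pointing elsewhere), or
    'missing' for a baseline value that has disappeared.
    """
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        if rtype not in RECORD_TYPES:
            continue  # only A, MX and NS are in scope for this audit
        expected = baseline.get(key, set())
        seen = observed.get(key, set())
        for value in sorted(seen - expected):
            findings.append((name, rtype, "unexpected", value))
        for value in sorted(expected - seen):
            findings.append((name, rtype, "missing", value))
    return findings


# Constructed sample data (hypothetical domain, documentation-range addresses).
BASELINE = {
    ("www.agency.example", "A"): {"192.0.2.10"},
    ("agency.example", "MX"): {"10 mail.agency.example."},
    ("agency.example", "NS"): {"ns1.agency.example.", "ns2.agency.example."},
}
OBSERVED = {
    ("www.agency.example", "A"): {"198.51.100.7"},          # A record now points elsewhere
    ("agency.example", "MX"): {"10 mail.agency.example."},  # unchanged
    ("agency.example", "NS"): {"ns1.agency.example.", "ns2.agency.example.",
                               "ns.dns-provider.example."},  # extra name server added
}


def summarize(findings):
    """Render findings as one report line each."""
    return [f"{kind.upper():10} {rtype:2} {name}: {value}" for name, rtype, kind, value in findings]


if __name__ == "__main__":
    for line in summarize(audit_records(BASELINE, OBSERVED)):
        print(line)
```

Any 'unexpected' A or NS finding is the case the directive describes and warrants checking the DNS account's login history and recently issued certificates for the affected names.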