- DNS registrars are actively under attack to takeover DNS domains
- Suspected state level actor, fingers pointing to Iran
- SMS 2FA protection is not enough since SS7 is insecure. Replace with OTP tools.
Following the revelation of large-scale DNS takeovers discovered by FireEye, Threatpost writes:
While this campaign employs some traditional tactics, “it is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale,” said researchers. “The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways.”
The US Department of Homeland Security’s “Cyber” arm has released recommendations on securing your DNS registrations. Responding to headlines like this is a suitable task for a government department but, in my view, the DHS loves it some security theatre and to be noticed. The document is a good read and well suited for engaging IT ‘leaders’ who need a push to change something.
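The directive’s first ask is to audit the DNS records your registrar and DNS provider are actually serving against what you believe they should be, because a hijack at the registrar swaps NS, A or MX records for attacker-controlled ones. The following is an added example written for this post, not code from CISA, FireEye or the directive: it parses `dig +short`-style output into record sets and diffs them against a stored baseline. The zone `example.com.`, the server names and the IP addresses are all constructed for the illustration.

```python
from typing import Dict, List, Set, Tuple

# A record set is keyed by (owner name, record type); the value is the set
# of normalised RDATA strings the zone serves for that key.
RecordSet = Dict[Tuple[str, str], Set[str]]

# Record types whose change would indicate a delegation or traffic hijack,
# ranked by how much of the zone an attacker controls afterwards.
SEVERITY = {"NS": "critical", "A": "high", "AAAA": "high", "MX": "high"}


def normalise_name(name: str) -> str:
    """Lower-case and fully qualify an owner name ('Example.com' -> 'example.com.')."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def parse_dig_short(name: str, rtype: str, text: str) -> RecordSet:
    """Turn the lines of `dig +short <name> <rtype>` into a one-entry RecordSet.

    Only the output format is assumed here: one RDATA value per line, which is
    what `dig +short` prints. Nothing is queried over the network.
    """
    values = {line.strip().lower() for line in text.splitlines() if line.strip()}
    return {(normalise_name(name), rtype.upper()): values}


def audit_dns(baseline: RecordSet, observed: RecordSet) -> List[dict]:
    """Compare observed records with the baseline and return findings.

    kind is 'changed' (same key, different values), 'missing' (baseline key not
    served) or 'unexpected' (served key not in the baseline, e.g. a new host
    added to the zone). Severity follows the record type.
    """
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        expected, seen = baseline.get(key), observed.get(key)
        if expected is not None and seen is not None:
            if expected != seen:
                findings.append({"kind": "changed", "name": name, "type": rtype,
                                 "expected": sorted(expected), "observed": sorted(seen),
                                 "severity": SEVERITY.get(rtype, "medium")})
        elif expected is not None:
            findings.append({"kind": "missing", "name": name, "type": rtype,
                             "expected": sorted(expected), "observed": [],
                             "severity": SEVERITY.get(rtype, "medium")})
        else:
            findings.append({"kind": "unexpected", "name": name, "type": rtype,
                             "expected": [], "observed": sorted(seen),
                             "severity": "medium"})
    return findings


# Constructed baseline: what the zone looked like on a known-good day.
BASELINE: RecordSet = {
    ("example.com.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.com.", "A"): {"203.0.113.10"},
    ("mail.example.com.", "A"): {"203.0.113.25"},
    ("example.com.", "MX"): {"10 mail.example.com."},
}

# Constructed observation, as the lines `dig +short` would print after a
# registrar-level hijack: delegation moved and the apex A record re-pointed.
OBSERVED: RecordSet = {}
OBSERVED.update(parse_dig_short("example.com", "NS",
                                "ns1.attacker-dns.example.\nns2.attacker-dns.example.\n"))
OBSERVED.update(parse_dig_short("example.com", "A", "198.51.100.7\n"))
OBSERVED.update(parse_dig_short("mail.example.com", "A", "203.0.113.25\n"))
OBSERVED.update(parse_dig_short("example.com", "MX", "10 mail.example.com.\n"))
OBSERVED.update(parse_dig_short("www.example.com", "A", "198.51.100.7\n"))


def run_audit() -> List[dict]:
    """Audit the constructed observation and return the findings."""
    return audit_dns(BASELINE, OBSERVED)


if __name__ == "__main__":
    for f in run_audit():
        print(f"[{f['severity']}] {f['kind']:10} {f['type']:4} {f['name']}  "
              f"expected={f['expected']} observed={f['observed']}")
```

In practice the observed side comes from querying both the registrar’s WHOIS/RDAP delegation and the authoritative servers directly (not only your recursive resolver, which may be serving cached pre-hijack answers), and the audit runs on a schedule so a changed NS record is noticed in minutes rather than when users report certificate warnings.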
I found this interesting:
CISA recommends using additional factors that are resilient to phishing. Consistent with NIST SP 800-63b, Short Message Service (SMS)-based MFA is not recommended.
We know that SMS for 2FA is no longer secure, but it’s the first time I’ve seen an official body make that clear enough for an IT manager to have to deal with it.
- cyber.dhs.gov – Emergency Directive 19-01: https://cyber.dhs.gov/ed/19-01/
- ‘Unprecedented’ DNS Hijacking Attacks Linked to Iran | Threatpost – https://threatpost.com/unprecedented-dns-hijacking-attacks-linked-to-iran/140737/
- Global DNS Hijacking Campaign: DNS Record Manipulation at Scale | FireEye Inc – https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
- DNS Infrastructure Hijacking Campaign | US-CERT – https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
- DNSpionage Campaign Targets Middle East | Cisco Talos Intelligence Group – https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html