UPDATED 20:18 EST / JANUARY 22 2019

SECURITY

Homeland Security issues emergency directive following targeted DNS attacks

The Department of Homeland Security today issued an emergency directive ordering federal agencies to audit all Domain Name System records within 10 days.

The directive comes in response to a known security threat, in this case attempts by hackers to hijack DNS records at U.S. government agencies. The DHS Cybersecurity and Infrastructure Security Agency said that it was aware of multiple executive branch agency domains that were hit by a “tampering campaign” and has notified the agencies that maintain them.

The potential attacks start with an hacker compromising user credentials, presumably through phishing, or obtaining the credentials through alternative means so as to make changes to DNS records. Once access is obtained, those behind the attacks alter DNS records to point the domain to a service with an address the attacker controls, allowing them to intercept traffic.

The diversion to other sites may only be short-lived and unnoticed by the user, since the other site allows for manipulation and inspection before passing the traffic on to the legitimate site. In addition, the directive warns the attackers can also obtain valid encryption certificates for an organization’s domain names, allowing them to decrypt traffic and steal user data.

The order requires all executive branch departments except the Department of Defense, the Central Intelligence Agency and the Office of the Director of National Intelligence, to complete a full audit of all public and secondary DNS records within 10 days.

In addition, agencies are required to update passwords for all accounts linked to DNS records, add multifactor authentication and implement certificate transparency log monitoring.

Speculating on the source of the attacks, Tom Kellermann, chief cybersecurity officer at Carbon Black Inc., told SiliconANGLE that such an alert from DHS is historic, essentially warning Americans that Iran has escalated cyberwarfare during the U.S. government shutdown. He added that North Korea may be following suit.

“It’s clear the axis of evil in cyberspace is alive, well and acting opportunistically,” Kellerman said.

Photo: U.S. Coast Guard

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU