

The Department of Homeland Security today issued an emergency directive ordering federal agencies to audit all Domain Name System records within 10 days.
The directive comes in response to a known security threat, in this case attempts by hackers to hijack DNS records at U.S. government agencies. The DHS Cybersecurity and Infrastructure Security Agency said that it was aware of multiple executive branch agency domains that were hit by a “tampering campaign” and has notified the agencies that maintain them.
The potential attacks start with a hacker compromising user credentials, presumably through phishing, or obtaining the credentials through alternative means, so as to make changes to DNS records. Once access is obtained, those behind the attacks alter DNS records to point the domain to a service with an address the attacker controls, allowing them to intercept traffic.
The diversion to other sites may be short-lived and go unnoticed by the user, since the other site allows for manipulation and inspection of the traffic before passing it on to the legitimate site. In addition, the directive warns that the attackers can also obtain valid encryption certificates for an organization’s domain names, allowing them to decrypt traffic and steal user data.
The order requires all executive branch departments, except the Department of Defense, the Central Intelligence Agency and the Office of the Director of National Intelligence, to complete a full audit of all public and secondary DNS records within 10 days.
In addition, agencies are required to update passwords for all accounts linked to DNS records, add multifactor authentication and implement certificate transparency log monitoring.
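As an added illustration (not part of the directive or the original article), the sketch below shows the two checks described above: comparing observed DNS records against an approved baseline, and flagging certificate transparency log entries that the organization did not request. The domain names, addresses, serial numbers and function names are constructed for the example, and the data is embedded inline rather than fetched from live DNS or a CT log.

```python
# Added example: hypothetical names, constructed sample data, no network access.
from typing import Dict, List, Set, Tuple

Records = Dict[Tuple[str, str], Set[str]]  # (name, record type) -> set of values


def audit_records(baseline: Records, observed: Records) -> List[str]:
    """Compare observed DNS answers against the approved baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        want, got = baseline.get(key, set()), observed.get(key, set())
        for value in sorted(got - want):   # present in DNS, never approved
            findings.append(f"UNEXPECTED {name} {rtype} {value}")
        for value in sorted(want - got):   # approved, but no longer served
            findings.append(f"MISSING {name} {rtype} {value}")
    return findings


def unrequested_certs(ct_entries: List[dict], issued_serials: Set[str]) -> List[dict]:
    """Return CT log entries whose serial is not in the organization's own inventory."""
    return [e for e in ct_entries if e["serial"] not in issued_serials]


# Constructed baseline: what the DNS administrators approved.
BASELINE: Records = {
    ("agency.example", "NS"): {"ns1.agency.example", "ns2.agency.example"},
    ("agency.example", "MX"): {"10 mail.agency.example"},
    ("mail.agency.example", "A"): {"192.0.2.10"},
}
# Constructed observation: the mail host now resolves to a different address.
OBSERVED: Records = {
    ("agency.example", "NS"): {"ns1.agency.example", "ns2.agency.example"},
    ("agency.example", "MX"): {"10 mail.agency.example"},
    ("mail.agency.example", "A"): {"203.0.113.66"},
}
# Constructed CT log entries for the domain, and the serials the agency requested.
CT_ENTRIES = [
    {"serial": "0A01", "names": ["mail.agency.example"], "issuer": "Agency CA"},
    {"serial": "7F3C", "names": ["mail.agency.example"], "issuer": "Other CA"},
]
ISSUED_SERIALS = {"0A01"}

if __name__ == "__main__":
    for finding in audit_records(BASELINE, OBSERVED):
        print(finding)
    for entry in unrequested_certs(CT_ENTRIES, ISSUED_SERIALS):
        print("UNREQUESTED CERT", entry["serial"], entry["issuer"])
```

A changed A record together with a certificate the organization never requested for the same name matches the pattern the directive describes, so the two findings are worth correlating rather than reviewing separately.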
Speculating on the source of the attacks, Tom Kellermann, chief cybersecurity officer at Carbon Black Inc., told SiliconANGLE that such an alert from DHS is historic, essentially warning Americans that Iran has escalated cyberwarfare during the U.S. government shutdown. He added that North Korea may be following suit.
“It’s clear the axis of evil in cyberspace is alive, well and acting opportunistically,” Kellermann said.