DHS issues emergency Directive to prevent DNS hijacking attacks

Cyber security + Global news asiftourab todayApril 24, 2019 106 5 141 3

Background
share close

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e. .gov) to prevent DNS hijacking attacks.

All the details

Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

The emergency directive requests federal agencies to check public DNS records for all .gov and other domains they manage to ensure that they have not been tampered with. The check must be completed in 10 days and includes Address (A), Mail Exchanger (MX), and Name Server (NS) records.

Within 10 business days, agencies will have to change the passwords for their DNS account and enable multifactor authentication where available, but CISA warns risks for SMS-based MFA.

DHS also instructed federal agencies to monitor Certificate Transparency logs for any abuse related to fraudulently issued certificates.

The overall process and signs of progress will be monitored by the DHS, the agencies must submit a status report by January 25 and a final report for all the actions done in compliance with the directive by February 5.

The gallery

In coordination with government and industry partners, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is tracking a series of incidents1involving Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.”

“To address the significant and imminent risks to agency information and information systems presented by this activity, this emergency directive requires the following near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.”

Scanning for vulnerabilities

 All businesses need a way to detect vulnerabilities on their networks. This is especially true for larger businesses and those with sensitive data—banking, government, finance, law, health care, and education are all industries in which safeguarding network data and infrastructure is paramount. But smaller businesses must also ensure their information is secure, without pouring all their IT time and resources into the task.

Written by: asiftourab

Tagged as: , , , , , .

Rate it
Previous post

Post comments (5)

  1. Bryce Legros on May 13, 2019

    Libero fugit sed neque itaque omnis non. Quia nostrum voluptatem pariatur sed fugiat. Impedit autem itaque eaque doloribus. Fugiat exercitationem maiores esse atque dolores aut.

    Autem culpa quisquam reprehenderit in ipsum autem. Totam laborum impedit explicabo. Facere deserunt qui et. Voluptatum sit a accusantium.

  2. Dominic Streich on May 13, 2019

    Quaerat nostrum a sapiente voluptas tempore. Est rerum consectetur assumenda quibusdam id eligendi incidunt. Ut et ab ut dolorem atque est velit. Mollitia maiores similique ducimus iure nobis.

    Voluptatem minus consequuntur magnam est. Consequatur sint id minima ut alias molestiae eum. Vitae assumenda nostrum ducimus aut reprehenderit doloremque architecto.

  3. Ariane Doyle on May 13, 2019

    Officia distinctio exercitationem voluptatem asperiores consequatur cum porro. Aliquid voluptatem officia quam fuga saepe. Sint velit et exercitationem id doloribus fugit eos.

  4. Esteban Hirthe on May 13, 2019

    Nobis voluptates harum alias amet sed corrupti eveniet. Voluptas repellendus tempore adipisci rem aut sit alias. Cupiditate vel vel quis velit. Voluptates deleniti itaque commodi corporis illum.

  5. Rubie Huel on May 13, 2019

    Repellat similique dolore rem atque voluptate ipsum dolorem. Voluptatibus omnis ut voluptas culpa et. Et in ipsa suscipit reprehenderit sit. Debitis iusto voluptatibus possimus explicabo excepturi libero ut.

Leave a reply

Your email address will not be published. Required fields are marked *


LOGO

  • help@tourabs.com
  • info@tourabs.com


Products


Company


Contacts

Support

Follow us