DHS issues emergency Directive to prevent DNS hijacking attacks

DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e. .gov) to prevent DNS hijacking attacks.

All the details

Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

The emergency directive requests federal agencies to check public DNS records for all .gov and other domains they manage to ensure that they have not been tampered with. The check must be completed in 10 days and includes Address (A), Mail Exchanger (MX), and Name Server (NS) records.

Within 10 business days, agencies will have to change the passwords for their DNS account and enable multifactor authentication where available, but CISA warns risks for SMS-based MFA.

DHS also instructed federal agencies to monitor Certificate Transparency logs for any abuse related to fraudulently issued certificates.

The overall process and signs of progress will be monitored by the DHS, the agencies must submit a status report by January 25 and a final report for all the actions done in compliance with the directive by February 5.

The gallery

In coordination with government and industry partners, the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is tracking a series of incidents¹involving Domain Name System (DNS) infrastructure tampering. CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.”

“To address the significant and imminent risks to agency information and information systems presented by this activity, this emergency directive requires the following near-term actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates.”

Scanning for vulnerabilities

 All businesses need a way to detect vulnerabilities on their networks. This is especially true for larger businesses and those with sensitive data—banking, government, finance, law, health care, and education are all industries in which safeguarding network data and infrastructure is paramount. But smaller businesses must also ensure their information is secure, without pouring all their IT time and resources into the task.