UPDATED 20:18 EST / JANUARY 22 2019

Homeland Security issues emergency directive following targeted DNS attacks

The Department of Homeland Security today issued an emergency directive ordering federal agencies to audit all Domain Name System records within 10 days.

The directive comes in response to a known security threat, in this case attempts by hackers to hijack DNS records at U.S. government agencies. The DHS Cybersecurity and Infrastructure Security Agency said that it was aware of multiple executive branch agency domains that were hit by a “tampering campaign” and has notified the agencies that maintain them.

The potential attacks start with a hacker compromising user credentials, presumably through phishing, or obtaining them by other means, and then using that access to change DNS records. Once access is obtained, the attackers alter DNS records to point the domain to a server at an address they control, allowing them to intercept traffic.

The diversion may be brief and go unnoticed by the user, because the attacker-controlled server can inspect and manipulate the traffic before passing it on to the legitimate site. In addition, the directive warns that the attackers can also obtain valid encryption certificates for an organization’s domain names, allowing them to decrypt traffic and steal user data.

The order requires all executive branch departments except the Department of Defense, the Central Intelligence Agency and the Office of the Director of National Intelligence, to complete a full audit of all public and secondary DNS records within 10 days.

In addition, agencies are required to update passwords for all accounts linked to DNS records, add multifactor authentication and implement certificate transparency log monitoring.
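As an added illustration of the audit the directive orders (example code, not from DHS or this article), the script below compares the records a zone currently serves against a change-controlled baseline and flags the kinds of tampering described above; the domain, addresses and record sets are constructed sample data.

```python
"""Baseline audit of public DNS records: flag records that changed, vanished,
appeared unexpectedly, or point at address space the organization does not own.
All names and addresses below are constructed sample data."""
from __future__ import annotations
from dataclasses import dataclass
import ipaddress

# Constructed baseline: what the agency's change records say each name should serve.
BASELINE = {
    ("example-agency.gov", "A"): {"192.0.2.10"},
    ("example-agency.gov", "NS"): {"ns1.example-agency.gov.", "ns2.example-agency.gov."},
    ("mail.example-agency.gov", "MX"): {"10 mx.example-agency.gov."},
}
# Constructed snapshot of what the authoritative servers answer today.
OBSERVED = {
    ("example-agency.gov", "A"): {"198.51.100.77"},            # A record moved to an unknown host
    ("example-agency.gov", "NS"): {"ns1.example-agency.gov.", "ns2.example-agency.gov."},
    ("mail.example-agency.gov", "MX"): set(),                  # MX record disappeared
    ("vpn.example-agency.gov", "A"): {"203.0.113.5"},          # name absent from the baseline
}
# Address space the agency is known to operate (constructed); anything else is a red flag.
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    kind: str    # "changed", "missing", "unexpected_record" or "foreign_address"
    detail: str

def audit(baseline, observed, own_networks=OWN_NETWORKS) -> list[Finding]:
    """Return one Finding per discrepancy between baseline and observed record sets."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        want, have = baseline.get(key), observed.get(key)
        if want is None:
            findings.append(Finding(name, rtype, "unexpected_record", f"serves {sorted(have)}"))
        elif not have:
            findings.append(Finding(name, rtype, "missing", f"expected {sorted(want)}"))
        elif want != have:
            findings.append(Finding(name, rtype, "changed", f"{sorted(want)} -> {sorted(have)}"))
        # Address records are checked against owned ranges regardless of the baseline.
        if rtype in ("A", "AAAA") and have:
            for addr in have:
                if not any(ipaddress.ip_address(addr) in net for net in own_networks):
                    findings.append(Finding(name, rtype, "foreign_address", addr))
    return findings

if __name__ == "__main__":
    for f in audit(BASELINE, OBSERVED):
        print(f"{f.kind:18} {f.rtype:4} {f.name}: {f.detail}")
```

In practice the observed snapshot would be filled from queries against each authoritative server rather than a literal, and the same comparison is worth scheduling so a change made between audits is caught quickly.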

Speculating on the source of the attacks, Tom Kellermann, chief cybersecurity officer at Carbon Black Inc., told SiliconANGLE that such an alert from DHS is historic, essentially warning Americans that Iran has escalated cyberwarfare during the U.S. government shutdown. He added that North Korea may be following suit.

“It’s clear the axis of evil in cyberspace is alive, well and acting opportunistically,” Kellermann said.

Photo: U.S. Coast Guard
