Recently, the U.S. Department of Homeland Security (DHS) and the Cybersecurity & Infrastructure Security Agency (CISA) have begun tracking a Domain Name System (DNS) hijacking campaign. Using the following techniques, cybercriminals can redirect user traffic to attacker-controlled infrastructure, obtain valid encryption certificates for an agency's domain names, and launch man-in-the-middle attacks against your organization:
- Compromising, or otherwise obtaining, credentials for an account with the ability to make changes to Domain Name System records.
- Modifying any of the original address, mail exchange, name server, and other Domain Name System records.
- Establishing Domain Name System record values and fraudulently obtaining encryption certificates for the executive branch.
How Staff Can Address These Domain Name System Attacks
- Audit your DNS records – Review the records associated with services offered to users and the public, and verify their location.
- Update DNS account passwords – Change the password on every account that has the power to make changes to agency Domain Name System records. A password manager can help generate stronger passwords and secure these accounts even further.
- Leverage multi-factor authentication (MFA) – Implement MFA for all accounts on systems that can make changes to DNS records.
- Track certificate transparency logs – Monitor certificate transparency log data for certificates issued by CISA or DHS.
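One way to script the record audit and the certificate transparency review from the list above, as an added example that is not part of the original article. The domain names, addresses, baseline and log entries are constructed sample data, and the log entry shape is a simplified assumption rather than any real log's API format.

```python
# Added example: offline audit of DNS records and CT log entries (all data constructed).

# Known-good baseline the organization maintains (hypothetical names, TEST-NET addresses).
BASELINE = {
    ("example.gov", "A"): {"192.0.2.10"},
    ("example.gov", "NS"): {"ns1.example.gov.", "ns2.example.gov."},
    ("example.gov", "MX"): {"10 mail.example.gov."},
    ("mail.example.gov", "A"): {"192.0.2.25"},
}
# Records as currently observed, e.g. exported from the DNS provider's console.
OBSERVED = {
    ("example.gov", "A"): {"192.0.2.10"},
    ("example.gov", "NS"): {"ns1.example.gov.", "ns1.unknown-host.example."},
    ("example.gov", "MX"): {"10 mail.example.gov."},
    ("mail.example.gov", "A"): {"203.0.113.66"},
    ("vpn.example.gov", "A"): {"203.0.113.67"},
}
# Constructed CT log entries in a simplified shape (an assumption, not a real log format).
CT_ENTRIES = [
    {"names": ["example.gov"], "issuer": "Agency Approved CA", "serial": "01"},
    {"names": ["*.mail.example.gov"], "issuer": "Other CA", "serial": "02"},
    {"names": ["notexample.gov"], "issuer": "Other CA", "serial": "03"},
]
CERTS_REQUESTED = {"01"}  # serials the organization actually requested

def audit_dns(baseline, observed):
    """Return (name, type, kind, values) findings where observed differs from baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want, have = baseline.get(key, set()), observed.get(key, set())
        if have - want:
            findings.append((*key, "unexpected", sorted(have - want)))
        if want - have:
            findings.append((*key, "missing", sorted(want - have)))
    return findings

def unrequested_certs(entries, domain, requested):
    """Return serials of certificates covering `domain` or a subdomain that nobody requested."""
    def covers(name):
        name = name.lower().rstrip(".")
        name = name[2:] if name.startswith("*.") else name  # treat wildcard as its parent
        return name == domain or name.endswith("." + domain)
    return [e["serial"] for e in entries
            if any(covers(n) for n in e["names"]) and e["serial"] not in requested]

if __name__ == "__main__":
    for finding in audit_dns(BASELINE, OBSERVED):
        print("DNS", finding)
    print("CT unrequested:", unrequested_certs(CT_ENTRIES, "example.gov", CERTS_REQUESTED))
```

Any "unexpected" NS or A value, or any certificate serial that was never requested, is a finding to investigate before assuming it is a legitimate change.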
So, What Exactly is at Risk Here?
Software-as-a-service (SaaS) applications have become more prevalent than ever, and threats associated with data theft are beginning to soar, with a record 28% increase in attacks related to Office 365 and Google's G Suite. By using these three key strategies, you can begin securing your business and turn the Domain Name System from "Do Not Secure" into another fortified line of network defense. By shielding your network with a filtered Domain Name System and enforcing browsing policies, you can keep users safe from malicious sites and their downloads. This keeps networks secured and, with minor tweaks to an Office 365 environment, also keeps harmful attachments out of email inboxes.
- Domain Name System (DNS) – Begin switching to a Domain Name System (DNS) service that actively monitors and blocks known malware sites, reducing the risk of exposure to malware. Unless you've custom-configured some settings, it's likely that a site's DNS provider is your current Internet Service Provider. DNS providers can block this type of access in two ways: by blocking a request made by a user, or by preventing malware from "phoning back home" with your data.
- Internal Policies – These filters work to block harmful sites and downloads at the browser level. Similar to the DNS provider at the network level, these systems calculate the risk and, based on the amount of potential harm, flag malicious downloads for greater review. Most users who need the ability to download from harmful websites do receive notifications, although these can go ignored in some cases.
- Email Filtering – The latest statistics from Webroot, Microsoft, and Sophos report that ransomware's #1 attack vector is still email-delivered payloads. Far too often, recipients open a file without realizing it isn't a file at all but a malicious application. Microsoft does give Office 365 administrators the ability to block any of the 100 different file types. In most cases, though, businesses need attachments to be sent via email, and that's when using Microsoft OneDrive to view files can assist your organization.