Agencies Must Secure DNS Infrastructure in 10 Days Following Wave of Hijacking

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on January 22 to address ongoing incidents associated with global Domain Name System (DNS) infrastructure tampering.

CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.

On January 9, FireEye blogged that its Mandiant Incident Response and Intelligence teams had identified a wave of DNS hijacking that affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.

FireEye’s blog post states: “While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran.”

The CISA directive requires federal agencies to take specific steps and comply with reporting procedures by February 5 in order to mitigate risks from undiscovered tampering, prevent illegitimate DNS activity, and detect unauthorized certificates. Agencies must audit DNS records, change DNS account passwords, add multi-factor authentication to DNS accounts, and monitor certificate transparency logs. Before this, CISA requires an initial status report from agencies by the end of January 25. Given the partial shutdown, CISA will work with department chief information officers at agencies that don’t meet the deadline.


Kylie Bull has 20 years' experience in reporting and editing a wide range of security topics, covering geopolitical and policy analysis to international and country-specific trends and events. She is an editor and contributor for Jane's by IHS Markit, a columnist for security and counter-terror publications, and a former managing editor for Homeland Security Today.
