In my recent CircleID post, “DNS, Domain Names, and Certificates: The Missing Links in Most Cybersecurity Risk Postures,” I highlighted the importance of applying multiple layers of defense to secure these business-critical assets. Last Friday, Brian Krebs, the world-renowned cybersecurity journalist, reiterated the criticality of domain name security after the domain name “e-hawk.net” was stolen from its rightful owner using social engineering tactics targeting its domain name registrar.
In his post, “Does Your Domain Have a Registry Lock?”, Mr. Krebs walked through the tactics and measures, such as Registry Lock, that companies can use to protect their vital domain names (see below). He also reiterated that an overwhelming majority of organizations, regardless of industry or geographic location and including the Forbes Global 2000, are at risk, with less than 25% having adopted the Registry Lock Protocol.
Best Practices to Maximize Security Against Domain Name & DNS Hijacking (Source)
From my perspective, this business risk persists for two reasons: a general lack of awareness of domain name and DNS hijacking, and the fact that most domain name registrars do not support the Registry Lock Protocol. Warnings have been issued, however: in early 2019, FireEye’s Mandiant team warned about a global DNS hijacking campaign that appeared to be connected to the Iranian government. This prompted the Department of Homeland Security to issue an emergency directive about mitigating the risk of DNS hijacking.
Cybercriminals are taking advantage of this risk and have been doing so for quite some time. Throughout 2019, Cisco Talos warned about the state-sponsored ‘Sea Turtle’ attack taking control of DNS systems and stated, “the actor ultimately intended to steal credentials to gain access to networks and systems of interest.” And just this week, Reuters reported in “Exclusive: Hackers acting in Turkey’s interests believed to be behind recent cyberattacks—sources” that another group of hackers alleged to be working for the Turkish government’s interests attacked government organizations and companies via DNS hijacking.
Furthermore, domain name registrars have varied controls, processes and security measures. When assessing your domain name registrar’s capabilities, validate that they are applying a Defense in Depth approach to secure your “vital” domain names:
In closing, ask your domain name registrar tough questions because they hold the “keys to the kingdom,” which can jeopardize your company’s reputation, finances, security, data and intellectual property.