A recent survey conducted by the Neustar International Security Council confirmed the heightened interest in domain name system (DNS) security. The survey reveals that over three-quarters of cybersecurity professionals anticipate increases in DNS attacks, especially with more people shopping online amid the pandemic. Yet close to 30% have reservations about their ability to respond to these attacks.
Their top concerns are:
CSC’s research on top global eCommerce and shopping domains reflects similar findings. We found that over 70% of typo domains are owned by third parties, and at least 40% of those show characteristics of malicious intent.
The critical importance of domain names in cybersecurity is demonstrated by recent cyber attacks. In the Liquid cryptocurrency exchange platform incident, hackers were able to gain access to internal systems and databases by compromising the domain name used. In a separate incident involving an IT solutions provider, SolarWinds, a key domain name, avsvmcloud[.]com, was used in a nefarious global campaign to distribute malware, impacting public and private organizations around the world. In this case, the attack was mitigated by Microsoft® when they seized the domain name avsvmcloud[.]com as a kill switch. These cases highlight how domains and DNS can be both used for cybersecurity and exploited by bad actors for cyber attacks.
There are security controls that can be put in place to reduce threats to domains and DNS; without them, attacks can impact a company’s brand reputation and revenue. We recommend taking a defense-in-depth approach, including:
Organizations should validate that their domain name registrar is Internet Corporation for Assigned Names and Numbers (ICANN) and registry accredited, and can demonstrate its investment in systems and security; this should include staff training on cybersecurity as well as a variety of controls, processes, and security measures that ensure a defense-in-depth approach.
Organizations should seek to consolidate domains and DNS with one provider. The provider should offer two-factor authentication, IP validation, and federated identity for a single sign-on environment.
Organizations should routinely review permissions for staff with access to domains and their DNS portal. A secure provider should be able to alert companies to changes in permissions and implement their authorized contact policy. Only trusted individuals should have access to elevated permissions.