You count your website as an asset, right? It is the digital front door to your business and the great web address you invested in, MyCompany.com, makes it so convenient for visitors to find. The only problem is that your digital moniker could have been hijacked. What if MyCompany.com actually points visitors to an alternative site, which could be either a vandalized version of your real site or a malicious imposter designed to infect or steal information from your potential customers?
The Domain Name System (DNS) is a digital Rolodex of website URL addresses that looks up a requested website, such as MyCompany.com, and requests the content from the associated IP address (a string of numbers, such as 18.104.22.168), which allows users to remember clever website names rather than numbers. And that’s the source of this hack.
On Tuesday January 22nd, the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Services issued its first emergency directive of 2019 to alert them of this risk. The directives explains the risks of DNS tampering and provides instructions to help federal agencies defend against it. Although this directive applies only to most federal agencies, private sector companies should also review the CISA recommendations as a matter of good cyber hygiene. Look at it as early spring cleaning for your DNS records.
- Verify your DNS records to ensure addresses are resolving as intended and not being redirected elsewhere. This will help you spot any active DNS hijacks.
- Update DNS account passwords. This will disrupt access to accounts that a hacker might have obtained.
- Add multi-factor authentication to the accounts that manage DNS records. This will also disrupt access and harden accounts to prevent future attacks.
- Monitor Certificate Transparency logs for certificates issued that your organization did not request. These logs can enable you to notice if someone is attempting to impersonate your personnel or spy on your users.
Just like a criminal filing a fake change of address, this kind of DNS hacking can do serious damage to your business and your reputation. If you would like some help understanding how you can protect your website, or how to create a comprehensive cyber-protection program, Weaver can help. See our website for information about our services or contact us with your questions any time.
Authored by Kyle Morris.