By Alban Kwan, Regional Director, East Asia
A recent survey conducted by the Neustar International Security Council confirmed the heightened interest in domain name system (DNS) security. The survey reveals that over three-quarters of cyber security professionals anticipate an increase in DNS attacks, especially with more people shopping online amid the pandemic. Yet close to 30% have reservations about their ability to respond to these attacks.
Their top concerns are:
- Domain hijacking (41%)
- DNS spoofing and cache poisoning (28%)
- DNS attacks (60% of respondents have been hit by at least one in the past year)
CSC’s research on top global eCommerce and shopping domains reflects similar findings. We found that over 70% of typo domains are owned by third parties, and at least 40% of those show characteristics of malicious intent.
The critical importance of domain names in cyber security is demonstrated by recent cyber attacks. In the Liquid cryptocurrency exchange platform incident, hackers gained access to internal systems and databases by compromising the domain name the platform used. In a separate incident involving the IT solutions provider SolarWinds, a key domain name, avsvmcloud[.]com, was used in a nefarious global campaign to distribute malware, impacting public and private organizations around the world. In this case, the attack was mitigated by Microsoft® when it seized the domain name avsvmcloud[.]com as a kill switch. These cases highlight how domains and DNS can be used both for cyber security and, by bad actors, for cyber attacks.
Security controls can be put in place to reduce threats to domains and DNS; without them, attacks can damage a company’s brand reputation and revenue. We recommend taking a defense-in-depth approach, including:
Use an enterprise-class provider
Organizations should validate that their domain name registrar is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) and by the relevant registries, and that it can demonstrate its investment in systems and security. This should include both staff training on cyber security and a variety of controls, processes, and security measures that ensure a defense-in-depth approach.
Secure domain name and DNS portal access
Organizations should seek to consolidate domains and DNS with one provider. The provider should offer two-factor authentication, IP validation, and federated identity for a single sign-on environment.
Control user permissions
Organizations should routinely review permissions for staff with access to domains and their DNS portal. A secure provider should be able to alert companies to changes in permissions and enforce the company’s authorized contact policy. Only trusted individuals should have access to elevated permissions.
Leverage advanced domain security features, such as:
- DNS Security Extensions (DNSSEC). This encrypts queries to the internet service providers and acts as a visual deterrent for cyber criminals. Moreover, DNSSEC digitally signs the root zone, which means the user can be confident of reaching a legitimate website.
- Registry locks. These stop automated changes to DNS records, so unauthorized requests are not executed.
- Digital certificate policy. With certification authority authorization (CAA) records, only authorized certification authorities are allowed to issue a certificate on your domains.
- Domain-based message authentication, reporting, and conformance (DMARC). This gives organizations protection against unauthorized use of their domains, commonly known as email spoofing.
- Proactive, continuous monitoring and alerting. Confirm that the domain name registrar or DNS hosting provider has continuous monitoring and alerting in place. An example of a robust monitoring and alerting system is CSC Security Center℠.
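As an added example (not code from the article or from CSC), the following Python check evaluates whether three of the controls listed above, a signed DNSSEC delegation, CAA, and DMARC, are present in a zone's published records and flags the weak settings. The records are constructed inline rather than queried, and the domain names and DS digest are placeholders.

```python
# Added example: posture check over the DNS record types the article recommends.
# Sample zones are constructed; nothing here performs a live DNS lookup.
import re

def parse_caa(rdata):
    """Split a CAA record 'flags tag "value"' (RFC 8659) into its three fields."""
    m = re.fullmatch(r'(\d+)\s+([a-z0-9]+)\s+"([^"]*)"', rdata.strip(), re.I)
    if not m:
        raise ValueError(f"malformed CAA record: {rdata!r}")
    return int(m.group(1)), m.group(2).lower(), m.group(3)

def parse_dmarc(txt):
    """Turn a DMARC TXT record into a dict of its tag=value pairs."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip().lower()] = val.strip()
    return tags

def assess(zone):
    """Return a list of findings; an empty list means all three controls are in place."""
    findings = []
    # DNSSEC: a DS record at the parent is what lets resolvers validate the delegation.
    if not zone.get("DS"):
        findings.append("DNSSEC: no DS record, delegation is unsigned")
    # CAA: without an issue/issuewild tag, any public CA may issue for the domain.
    caa = [parse_caa(r) for r in zone.get("CAA", [])]
    if not any(tag in ("issue", "issuewild") for _, tag, _ in caa):
        findings.append("CAA: no issue/issuewild record, any public CA may issue")
    # DMARC: a missing record or p=none leaves spoofed mail deliverable.
    dmarc = parse_dmarc(zone.get("DMARC", ""))
    if dmarc.get("v") != "DMARC1":
        findings.append("DMARC: no record published")
    elif dmarc.get("p", "none") == "none":
        findings.append("DMARC: policy is p=none, spoofed mail is only reported")
    return findings

# Constructed sample zones: the first carries the weak settings, the second the corrected ones.
WEAK = {"DMARC": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
HARDENED = {
    "DS": ["12345 13 2 <digest placeholder>"],
    "CAA": ['0 issue "ca.example.net"', '0 issuewild ";"',
            '0 iodef "mailto:security@example.com"'],
    "DMARC": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, zone in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, assess(zone) or ["ok"])
```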