Interpreting Global Guidance on Cyber Threats Due to the Ukraine Crisis

It’s hard not to feel saddened by the tragic events taking place in Ukraine. Thoughts are with everyone across Europe, and the globe, during this difficult time.

As many government-led cybersecurity organizations have advised, businesses and other organizations should look to strengthen their cybersecurity posture, as an increase in cyber threats such as distributed denial of service (DDoS) attacks, phishing, website defacements, ransomware, and malware is likely. Recent alerts from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (UK NCSC) urgently ask companies to comprehensively assess their posture because of the increased likelihood of cyberattacks.

Some key alerts from these organizations include:

With nation states and cybercriminal groups using domain and domain name system (DNS) attacks to compromise enterprises, CSC has organized the information below to help you assess your risk and provide mitigations where you’re vulnerable.

CSC recommends the following domain security protections as a first line of defense in your organization’s zero trust model to prevent cyberattacks originating from:

  • Malicious domain registrations
  • Compromised legitimate domains
  • Email spoofing

Checklist for an enhanced security posture

  1. Adopt a defense-in-depth approach for domain management and security
    • Eliminate your third-party risk by assessing your domain registrar’s security, technology, and processes along with your DNS management provider
    • Secure vital domain names, DNS, and digital certificates through:
      • Implementing two-factor authentication
      • Regulating permissions—both normal and elevated—and watching for any changes, as well as adding an authorized contact policy
      • Monitoring DNS activity and deploying DDoS protection
      • Using security measures like domain registry locks, DNS security extensions (DNSSEC), domain-based message authentication, reporting and conformance (DMARC), certification authority authorization (CAA) records, and redundancy on DNS hosting

  2. Continuously monitor the domain space and key digital channels like marketplaces, apps, social media, and email for brand abuse, infringements, phishing, and fraud
    • Identify domain and DNS spoofing tactics, such as homoglyphs (fuzzy matches and IDNs), cousin domains, keyword match, and homophones
    • Register domains that could be high-value targets related to your brands (i.e., homoglyphs or country domains) to mitigate the risk of bad actors using them
    • Identify trademark and copyright abuse on web content, online marketplaces, social media, and apps
  3. Leverage global enforcement, including takedowns and advanced techniques in internet blocking
    • Leverage phishing monitoring and a fraud-blocking network of browsers, partners, internet service providers (ISPs), and security information and event management (SIEM) systems
    • Use a combination of actions to enforce against intellectual property (IP) infringements and fraud
      • Primary enforcement actions include marketplace delistings, social media page suspensions, mobile app delistings, cease and desist letters, fraudulent content removal, and complete threat vector mitigation
      • Secondary enforcement actions include registrar-level domain suspensions, invalid WHOIS domain suspensions, and fraud alerting
      • Tertiary enforcement actions include Uniform Domain Name Dispute-Resolution Policy and Uniform Rapid Suspension procedures, domain acquisitions, in-depth investigations, and test purchasing
    • Use a range of technical and legal approaches for enforcement, selecting the most appropriate approach case by case
  4. Confirm that your domain registrar’s business practices are not contributing to fraud and brand abuse
    • The following issues are common with consumer-grade domain registrars:
      • Operating domain marketplaces that drop-catch, auction, and sell domain names containing trademarks to the highest bidder
      • Domain name spinning and advocating the registration of domain names containing trademarks
      • Monetizing domain names containing trademarks with pay-per-click sites
      • Frequently occurring breaches resulting in DNS attacks, phishing, and business email compromise
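
The spoofing tactics named in the monitoring step above (homoglyphs and IDNs, fuzzy matches, cousin domains, keyword match) can be triaged automatically as new registrations are observed. The Python sketch below is an added example, not CSC's code. It assumes a hypothetical protected domain `examplebank.com`, candidates of the form `label.tld`, a constructed subset of confusable characters, and that a TLD variant counts as a cousin domain; homophones are not covered.

```python
import unicodedata

# Constructed subset of confusables; a real monitor would load the full Unicode data.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "\u0430": "a",
               "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

def decode_label(label):
    """Return the Unicode form of an IDN A-label (xn--...), else the label."""
    try:
        puny = label.startswith("xn--")
        return label[4:].encode("ascii").decode("punycode") if puny else label
    except UnicodeError:
        return label  # malformed A-label: compare it as written

def skeleton(label):
    """Fold accents, confusable characters and 'rn'/'vv' pairs for comparison."""
    folded = unicodedata.normalize("NFKD", label.lower())
    folded = "".join(CONFUSABLES.get(c, c) for c in folded if not unicodedata.combining(c))
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, used for the fuzzy-match category."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, brand_domain):
    """Label an observed domain (label.tld) relative to the protected domain."""
    brand, _, brand_tld = brand_domain.lower().partition(".")
    label, _, tld = candidate.lower().partition(".")
    label = decode_label(label)
    if label == brand:
        return "legitimate" if tld == brand_tld else "cousin (TLD variant)"
    if skeleton(label) == skeleton(brand):
        return "homoglyph"
    if edit_distance(label, brand) <= 1:
        return "fuzzy match"
    if brand in skeleton(label):
        return "keyword match"
    return "unrelated"

# Constructed sample feed; the IDN entry swaps Latin "a" for Cyrillic U+0430.
IDN = "xn--" + "ex\u0430mplebank".encode("punycode").decode("ascii") + ".com"
FEED = ["examplebank.net", "examp1ebank.com", IDN, "examplebnk.com",
        "examplebank-login.com", "weather.org"]
REPORT = {d: classify(d, "examplebank.com") for d in FEED}
```

`REPORT` maps each observed domain to its category, which can feed the enforcement step that follows in the checklist.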

We’re currently engaged with many of our customers to both assess and provide tangible recommendations to quickly control threats. If you have any questions on developing your own cybersecurity checklist, please contact us.