DNS hijacking alert

In just the last week, we saw another high profile domain name system (DNS) hijacking incident, as highlighted in this Reuters article. Cyber criminals are increasingly focusing on DNS hijacking as a way to redirect websites, intercept email, capture private data, and breach networks for espionage and financial gain.

The Reuters article speaks of a new wave of cyber attacks targeting governments and other organisations in Europe and the Middle East. Officials believe this attack to be the work of hackers acting in the interests of the Turkish government.

In the U.S., federal agencies, including the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA), have warned that attackers are more frequently targeting and hijacking DNS servers to cause disruptions (see: DHS Issues More Urgent Warning on DNS Hijacking).

The attacks highlight a weakness in a core pillar of online infrastructure—DNS—that can leave victims exposed to attacks happening outside their firewalls, making them difficult to detect and mitigate. By reconfiguring parts of the DNS system, hackers are able to redirect visitors to imposter websites, such as a fake email service, and capture passwords and other text entered there. In the case of the U.S. attack on voter registration systems, attackers tried a distributed denial of service (DDoS) attack to overwhelm the DNS server system.

Deploying DNS security extensions (DNSSEC) is a critical step in protecting yourself against DNS hijacking. One of the best technologies available, it provides a high level of DNS security. A recent Krebs on Security article recommended MultiLock and DNSSEC as specific security standards you can implement. We also recommend choosing a more secure DNS server and following these simple rules:

  • Restrict access to your name server
  • Restrict zone transfers
  • Use two-factor authentication for system access
  • Always patch known vulnerabilities on your server
  • Have a strong password policy
  • Deploy certification authority authorization (CAA) records and monitor new digital certificates (SSL)
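
As an added illustration of the last rule (example code written for this page, not a CSC tool), the sketch below audits newly observed certificates against a zone's CAA records using the lookup rules of RFC 8659. The zone data, the CA identifiers such as ca-one.example, and the observed-certificate list are constructed samples; mapping a certificate's issuer to its CAA identifier is assumed to be done by your certificate monitoring.

```python
import re

# Constructed sample zone data (example.com is a reserved documentation domain).
ZONE = '''\
example.com.       IN CAA 0 issue "ca-one.example"
example.com.       IN CAA 0 issuewild ";"
example.com.       IN CAA 0 iodef "mailto:security@example.com"
shop.example.com.  IN CAA 0 issue "ca-two.example"
'''
# Constructed observations, e.g. from certificate monitoring: (name, CA's CAA identifier).
OBSERVED = [
    ("www.example.com", "ca-one.example"),
    ("www.example.com", "ca-two.example"),
    ("pay.shop.example.com", "ca-two.example"),
    ("shop.example.com", "ca-one.example"),
    ("*.example.com", "ca-one.example"),
]
CAA_RE = re.compile(r'^(\S+)\s+IN\s+CAA\s+(\d+)\s+(\w+)\s+"([^"]*)"', re.M)

def parse_caa(zone_text):
    """Map owner name -> list of (tag, issuer domain) from zone-file text."""
    records = {}
    for owner, _flags, tag, value in CAA_RE.findall(zone_text):
        issuer = value.split(";")[0].strip().lower()  # drop parameters; ";" alone -> ""
        records.setdefault(owner.lower().rstrip("."), []).append((tag.lower(), issuer))
    return records

def relevant_rrset(name, records):
    """Climb from the name towards the root; the first CAA RRset found applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = records.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def is_authorised(name, ca_domain, records):
    rrset = relevant_rrset(name, records)
    issue = [v for t, v in rrset if t == "issue"]
    wild = [v for t, v in rrset if t == "issuewild"]
    # issuewild, when present, takes precedence for wildcard names.
    allowed = wild if name.startswith("*.") and wild else issue
    if not allowed:
        return True  # no applicable property: CAA places no restriction
    return ca_domain.lower() in allowed

def unauthorised(observed, records):
    """Return the observed certificates whose issuer the CAA policy does not allow."""
    return [(n, ca) for n, ca in observed if not is_authorised(n, ca, records)]
```

CAs evaluate CAA at issuance time, so a hit from this after-the-fact audit is a prompt to investigate the certificate and the DNS state at the time it was issued.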

We’re happy to talk to you about how CSC can help mitigate these risks.

INDUSTRY NEWS

What’s the point of domain name registrar security, controls, and processes?

On Friday, 24 January 2020, Brian Krebs—the world-renowned cyber security journalist—reiterated the critical importance of domain name security in reference to the domain name “e-hawk.net” being stolen from its rightful owner by targeting the domain name registrar. Read our latest blog post on why domain name registrar security is so important.

Security certificates and cryptographic keys for enterprise companies

A recent report from Keyfactor and the Ponemon Institute reveals that the use of multiple cryptographic keys and digital certificates is a concern for enterprise companies. The mismanagement of keys and certificates is related to an increase in outages. Read the full article from ZDNet here.

How CAA records can help enforce digital certificate policies

Digital certificates are easily purchased online with a credit card and have a maximum validity of two years. Keeping up with renewal notices from various providers, and preventing expirations that could cause catastrophic service outages and data breaches, becomes an uphill task. Read our blog on how CAA records can help enforce your digital certificate policies.

DOMAINS UPDATES

Dot brand focus

In our largest .BRAND Landscape Report, we focused on the .GOOGLE top-level domain (TLD) and how it’s used to help promote core, brand-related content for Google to talk about itself as a company.

Ever since February 2019 when we started tracking the top .BRANDs ranked in the Alexa Top 1 Million, about.google has consistently ranked first or second. An amazing result for a .BRAND created on 6 August 2018 with website content only migrated over from google.com/about in early 2019.

New TLD launches

.台灣 (.xn--kpry57d)
The TW Registry has recently released an ASCII version of their international domain name (IDN) extension. We are currently in Grandfather Phase for owners of existing .TW domains.

.GAY

Currently in Sunrise Phase. Launched to provide a safe advocacy space for the LGBTQ community.

.BJ

New sub-extensions are now available for the West African country of Benin.

CSC NEWS

What’s new in CSCDomainManager

Beginning 28 January 2020, CSCDomainManager℠ users with the ability to switch between accounts will see enhancements made to streamline this process, including:

  • Eliminating the need to re-authenticate into the platform when switching accounts
  • Adding predictive search capabilities to search for and switch to accounts within the same customer hierarchy

Please contact us if you would like a portal demo.

Security product update: MultiLock

Our MultiLock service now supports new TLDs. In the past month, we have added .IE, .CH, and .LI to our MultiLock program. CSC Security Center℠ will highlight any vital domains with these extensions as at risk if they don’t have MultiLock in place. Please contact us if you would like to review your vital domain list for potential gaps in lock coverage.

Industry Updates webinar – 5 March
Our next monthly Industry Updates webinar will be on 5 March 2020. For the latest industry news from around the world regarding domain names, online security, and brand protection, register here.

Copenhagen security briefing – 18 March
Join us at our next breakfast briefing in Copenhagen featuring CSC’s Mark Flegg, and IT security specialist from LEGO Group, Søren Brandbyge. They will discuss DNS security features, domain-based message authentication, reporting, and conformance (DMARC), as well as email fraud, and how to protect your organisation against the most common security threats. Register here.

CSC Nordic News – February 2020