On January 22, 2019, The U.S. Department of Homeland Security, DHS, Cybersecurity and Infrastructure Security Agency, CISA, issued an emergency directive. This emergency directive was put into place to address ongoing problems and issues associated with global Domain Name System, or DNS, infrastructure tampering. As a business owner or executive in charge of a business, you may have many questions about this and how it can affect your business. Here is what you need to know about DNS infrastructure tampering.
DNS infrastructure tampering involves techniques that allows an attacker access to your DNS. They are able to compromise a users’ credentials, allowing them to make changes to DNS records. Once the records are changed and altered, it allows an attacker the ability to access and intercept many things related to the network, including but not limited to your web address, your mail traffic and web traffic. An attacker can take that information and redirect incoming traffic to an unsafe website that may contain viruses or may collect information about your customer or business. When the attacker accesses your DNS, they also have access to encryption certificates, which allows certain information to be decrypted. And unfortunately, since the certificate is valid, your users will receive no error warnings that the certificate is outdated, so they may feel safe putting in personal information.
When an attacker tampers with your DNS infrastructure, they basically hi-jack your website. They can control incoming traffic, control where that traffic goes, and see personal information, such as names and credit card numbers. Unfortunately, if your page is hijacked, you have to tell your customers that their personal information may have been compromised, which reflects poorly on you. Your customers and clients expect you to keep your page safe for them, and if you fail to do so, it can be detrimental to your business.
It can be difficult to determine if your DNS infrastructure has been tampered with unless you take the time to carefully review your DNS certificates. It is recommended that you take the time to audit your DNS records, change your DNS account passwords to more complex passwords and add multi-factor authentication to all of your DNS accounts. This should be done within 10 days, as the threat level for DNS infrastructure tampering is so high. This should also routinely be done in the future to ensure your DNS certificates have not been tampered with.
DNS infrastructure tampering can create a security threat to your business. It can negatively affect your business website, and any websites that those within your business frequently visit and interact with. Fortunately, there are steps you can take to help decrease the risk of DNS infrastructure tampering and protect your business. Having the right IT team in place and learning about security threats is imperative to keeping your business safe from threats at all times.