CERT mailing list archives

Previous By Date Next
Previous By Thread Next

DNS Infrastructure Hijacking Campaign

From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Thu, 10 Jan 2019 16:07:53 -0600
U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



DNS Infrastructure Hijacking Campaign [ 
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign ] 01/10/2019 04:13 PM 
EST 
Original release date: January 10, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure 
Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using 
compromised credentials, an attacker can modify the location to which an organizations domain name resources resolves. 
This enables the attacker to redirect user traffic [ 
https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html ] to attacker-controlled 
infrastructure and obtain valid encryption certificates for an organizations domain names, enabling man-in-the-middle 
attacks.

NCCIC encourages administrators to review FireEyes blog on global DNS infrastructure hijacking [ 
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
 ] for more information. Additionally, NCCIC recommends the following best practices to help safeguard networks against 
this threat:


  * Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records. 
  * Verify that DNS infrastructure (second-level domains, sub-domains, and related resource records) points to the 
correct Internet Protocol addresses or hostnames. 
  * Search for encryption certificates related to domains and revoke any malicious certificates. 
________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]
Previous By Date Next
Previous By Thread Next

Current thread: