The U.S. Department of Homeland Security (DHS) has issued an “emergency directive” to all federal agencies, ordering their IT staff to audit the DNS records for their respective domains or the domains maintained by other agencies. The emergency security alert follows a series of DNS hijacking incidents believed to have originated from Iran.
DNS, the Domain Name System, is a major function of the internet. It works as the internet’s directory, where your device looks up a server’s IP address after a human-readable web address has been entered. DNS hijacking refers to altering the DNS settings of a domain to redirect targeted users to a different, attacker-controlled server hosting a fake version of the website the users are trying to visit, often with the intention of stealing the users’ data.
In January 2019, Mandiant FireEye security researchers reported a series of DNS hijacking incidents against a large number of government domains, internet infrastructure and telecommunications entities throughout the Middle East, North Africa, Europe and North America.
According to the DHS order, federal agencies need to audit their public DNS servers for any unauthorized edits, update passwords for all accounts on systems that can be used to tamper with DNS records, enable multi-factor authentication to prevent unauthorized changes to their domains, and monitor Certificate Transparency logs. Certificate Transparency (CT) is a public service that permits individuals and companies to monitor how many digital certificates have been secretly issued by any certificate authority for their domains. The Cyber Hygiene service of the Cybersecurity and Infrastructure Security Agency (CISA) of DHS will likely begin regular delivery of certificates newly added to CT logs for US federal agency domains.
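The DNS record audit and CT log monitoring described above can be sketched as a comparison against an approved baseline and a certificate inventory. This is an added example, not code from DHS or CISA; the zone agency.example, the record values, CA names and serials are constructed, and the function names are hypothetical.

```python
# Added example: all zone data and CT entries below are constructed.
from typing import NamedTuple
NAME_TYPES = {"NS", "CNAME", "MX"}  # record data that is itself a DNS name

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def _index(records):  # map (name, TYPE) -> set of normalized record data
    out = {}
    for (name, rtype), values in records.items():
        rtype = rtype.upper()
        fix = norm if rtype in NAME_TYPES else str.strip
        out.setdefault((norm(name), rtype), set()).update(fix(v) for v in values)
    return out

def audit_dns(baseline, observed):
    """Return (name, type, status, data) for every deviation from the baseline."""
    base, obs = _index(baseline), _index(observed)
    findings = []
    for key in sorted(base.keys() | obs.keys()):
        want, got = base.get(key, set()), obs.get(key, set())
        findings += [(*key, "unauthorized", v) for v in sorted(got - want)]
        findings += [(*key, "missing", v) for v in sorted(want - got)]
    return findings

class CtEntry(NamedTuple):
    serial: str
    issuer: str
    names: tuple

def covers(zone, name):
    """True if name (wildcard allowed) is the zone itself or a subdomain of it."""
    name = norm(name[2:] if name.startswith("*.") else name)
    return name == zone or name.endswith("." + zone)

def audit_ct(zone, entries, inventory_serials):
    """Return logged certificates for the zone that are not in the inventory."""
    zone, known = norm(zone), {s.lower() for s in inventory_serials}
    return [e for e in entries
            if e.serial.lower() not in known and any(covers(zone, n) for n in e.names)]

BASELINE = {("agency.example.", "NS"): ["ns1.agency.example.", "ns2.agency.example."],
            ("www.agency.example.", "A"): ["192.0.2.10"]}
OBSERVED = {("agency.example", "ns"): ["NS1.agency.example", "ns2.agency.example"],
            ("www.agency.example", "A"): ["198.51.100.7"]}
CT_ENTRIES = [CtEntry("0A1B", "Constructed CA 1", ("www.agency.example",)),
              CtEntry("77FE", "Constructed CA 2", ("*.agency.example",)),
              CtEntry("9C00", "Constructed CA 2", ("notagency.example",))]
INVENTORY = {"0a1b"}  # serials of certificates the domain owner requested
```

Calling `audit_dns(BASELINE, OBSERVED)` reports the changed A record, and `audit_ct("agency.example", CT_ENTRIES, INVENTORY)` returns the wildcard certificate that is absent from the inventory while ignoring the look-alike name outside the zone.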