January 23, 2019

DHS Issues Security Alert About Recent DNS Hijacking Attacks

The US Department of Homeland Security (DHS) has published today an "emergency directive" that contains guidance in regards to a recent report detailing a wave of DNS hijacking incidents perpetrated out of Iran.

The emergency directive [12] orders government agencies to audit DNS records for unauthorized edits, change passwords, and enable multi-factor authentication for all accounts through which DNS records can be managed.

The DHS documents also urges government IT personnel to monitor Certificate Transparency (CT) logs for newly-issued TLS certificates that have been issued for government domains, but which have not been requested by government workers (a sign that a malicious actor has hijacked a government domain's DNS records, and is now requesting TLS certificates in its).

Read more at ZDNet

Click Here!