Yesterday, the Department of Homeland Security issued an emergency directive with the subject “Mitigate DNS Infrastructure Tampering”, ordering federal agencies to comply with it in order to secure the login credentials for their internet domain records.
The DHS directive comes on the heels of research published by FireEye early this month. The company said it had identified large-scale DNS hijacking affecting multiple domains belonging to government, telecommunications, and internet infrastructure entities across the Middle East and some other countries. FireEye analysts also believe an Iran-based group to be the source of these attacks.
NEW: DHS is preparing to issue a rare “emergency” directive ordering federal civilian agencies to secure login credentials for their DNS records, comes after @FireEye found Iran was manipulating DNS records to divert traffic https://t.co/j7y92rEt0O
— Greg Otto (@gregotto) January 22, 2019
The directive briefly explains how the attackers compromise user credentials and alter DNS records, which enables them to direct user traffic to their own systems for manipulation or inspection.
The directive includes four actions to mitigate risks from undiscovered tampering, enable agencies to prevent illegitimate DNS activity for their domains, and detect unauthorized certificates. The actions are:
- Audit DNS Records
- Change DNS Account Passwords
- Add Multi-Factor Authentication to DNS Accounts
- Monitor Certificate Transparency Logs
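The first and last actions above (auditing DNS records and monitoring Certificate Transparency logs), sketched as an added example that is not part of the directive or the original post: it compares observed record sets against a known-good baseline and flags certificates for the agency's zone from unapproved issuers. All domain names, addresses, issuer names and the record and log-entry layouts are constructed for illustration.

```python
# Constructed sample data: the records an agency expects vs. what resolvers return.
BASELINE = {
    ("agency.example", "NS"): {"ns1.agency.example", "ns2.agency.example"},
    ("agency.example", "MX"): {"mail.agency.example"},
    ("www.agency.example", "A"): {"192.0.2.10"},
}
OBSERVED = {
    ("Agency.Example.", "ns"): {"NS1.agency.example.", "ns2.agency.example."},
    ("agency.example", "MX"): {"mail.agency.example"},
    ("www.agency.example", "A"): {"198.51.100.77"},   # changed address
    ("vpn.agency.example", "A"): {"203.0.113.5"},     # record nobody registered
}
APPROVED_ISSUERS = {"Example Agency CA"}              # hypothetical CA name
CT_ENTRIES = [                                        # constructed log entries
    {"issuer": "Example Agency CA", "names": ["www.agency.example"]},
    {"issuer": "Unrelated Free CA", "names": ["mail.agency.example", "other.example"]},
    {"issuer": "Unrelated Free CA", "names": ["notagency.example"]},
]

def norm(value):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return value.strip().lower().rstrip(".")

def audit_dns(baseline, observed):
    """Return (name, type, unexpected, missing) for each record set that differs."""
    def canon(records):
        return {(norm(n), t.upper()): {norm(v) for v in vals}
                for (n, t), vals in records.items()}
    base, obs = canon(baseline), canon(observed)
    findings = []
    for key in sorted(base.keys() | obs.keys()):
        want, got = base.get(key, set()), obs.get(key, set())
        if want != got:
            findings.append((key[0], key[1], sorted(got - want), sorted(want - got)))
    return findings

def audit_ct(entries, zone, approved_issuers):
    """Return (issuer, names) for certificates in `zone` from an unapproved issuer."""
    zone, flagged = norm(zone), []
    for entry in entries:
        hits = [n for n in map(norm, entry["names"])
                if n == zone or n.endswith("." + zone)]
        if hits and entry["issuer"] not in approved_issuers:
            flagged.append((entry["issuer"], hits))
    return flagged

if __name__ == "__main__":
    print(audit_dns(BASELINE, OBSERVED))
    print(audit_ct(CT_ENTRIES, "agency.example", APPROVED_ISSUERS))
```

In practice the observed records would come from queries against the authoritative name servers and the certificate entries from a Certificate Transparency log monitor; both are stubbed here with inline data so the comparison logic runs offline.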
Agencies have 10 business days to implement these instructions. According to CyberScoop, “The directive makes clear that agencies will ultimately be held accountable for their domain-name security policies, regardless of where they maintain their DNS accounts.”
CISA (the Cybersecurity and Infrastructure Security Agency) will provide technical assistance to agencies that report anomalous DNS records. It will also review submissions from agencies that are unable to implement MFA on DNS accounts within the timeline and get back to them. In addition, CISA will provide assistance through its Cyber Hygiene service and further guidance through an Emergency Directive coordination call following the issuance of this directive.
“By February 8, 2019, CISA will provide a report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) identifying agency status and outstanding issues,” the directive states.
To learn more about this news, visit DHS’ official website.
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: https://hub.packtpub.com/us-department-of-homeland-security-releases-an-emergency-directive-to-combat-dns-tampering/