US-CERT - AA19-024A: DNS Infrastructure Hijacking Campaign

Started by Netwörkheäd, January 24, 2019, 06:05:12 PM


Netwörkheäd

AA19-024A: DNS Infrastructure Hijacking Campaign

Original release date: January 24, 2019

          

Summary


          

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization's domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization's domain names, enabling man-in-the-middle attacks.

See the following links for downloadable copies of open-source

Let's not argue. Let's network!

icecream-guy

Access to your DNS should not be provided for externally. If one insists:

1. audit DNS Records
2. change DNS account passwords
3. add multi-factor authentication for DNS accounts
:professorcat:

My Moral Fibers have been cut.
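An added example (not part of the thread or the advisory) of step 1 in the list above, auditing DNS records: it compares a trusted baseline export against a later snapshot and reports every record set that was added, removed or changed. The "name type rdata" line format, the function names and all sample records are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: a trusted baseline export and a later snapshot.
BASELINE = """\
example.org.      NS  ns1.example.org.
www.example.org.  A   192.0.2.10
example.org.      MX  10 mail.example.org.
"""
OBSERVED = """\
example.org.      NS  ns1.example.org.
www.example.org.  A   198.51.100.77
example.org.      MX  10 mail.example.org.
vpn.example.org.  A   203.0.113.5
"""


def parse_records(text):
    """Parse 'name type rdata' lines into {(name, type): set of rdata}."""
    rrsets = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        name, rtype, rdata = line.split(None, 2)
        # Owner names and types are case-insensitive; normalise them so a
        # change of case alone is not reported. Collapse rdata whitespace.
        rrsets[(name.lower(), rtype.upper())].add(" ".join(rdata.split()))
    return dict(rrsets)


def audit(baseline_text, observed_text):
    """Return findings as (status, name, type, baseline, observed) tuples."""
    base, seen = parse_records(baseline_text), parse_records(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        expected, actual = base.get(key, set()), seen.get(key, set())
        if expected == actual:
            continue
        status = "ADDED" if not expected else "REMOVED" if not actual else "CHANGED"
        findings.append((status, key[0], key[1], sorted(expected), sorted(actual)))
    return findings


if __name__ == "__main__":
    for status, name, rtype, expected, actual in audit(BASELINE, OBSERVED):
        print(f"{status:8} {name} {rtype}: baseline={expected} observed={actual}")
```

The baseline is only useful if it was exported while the records were known to be good and is stored somewhere the DNS account credentials cannot modify.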

deanwebb

Quote from: ristau5741 on January 25, 2019, 11:30:47 AM
Access to your DNS should not be provided for externally. If one insists:

1. audit DNS Records
2. change DNS account passwords
3. add multi-factor authentication for DNS accounts

^ VERY TRUTH.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.