NCSC Issues Alert Over International Domain Name Service Attacks
A string of domain name system (DNS) attacks has prompted the National Cyber Security Centre (NCSC) to issue an alert for government and commercial entities.
The National Cyber Security Centre (NCSC) has issued an alert over a series of international domain name system (DNS) attacks.
The announcement follows a similar alert issued by the US Department of Homeland Security (DHS) to prevent attacks on government agencies across the US.
In a statement online, the NCSC said: “The NCSC is investigating a large-scale Domain Name System (DNS) hijacking campaign that has reportedly affected government and commercial organisations worldwide.
“The majority of entities targeted are in the Middle East, but some impact has been reported in Europe and the US.”
In the US, authorities have warned that attackers could use compromised credentials which enable them to modify the location of an organisation’s domain name resources.
This would allow a potential attacker to redirect user traffic to infrastructure controlled by them and acquire valid encryption credentials for an organisation’s domain names.
The heightened state of security follows reports published by researchers at FireEye’s Mandiant Intelligence teams, as well as research published by Cisco.
Both companies revealed that a string of DNS hijacking attempts had affected domains belonging to telecoms and government infrastructure around the world.
The source of these attacks is believed to be Iran. However, based on the techniques attackers have used thus far, the initial infection vector used to compromise credentials is still unknown. The NCSC said that attackers are exploiting multiple techniques to gain a foothold.
Currently, the cybersecurity centre is unaware of any compromised entities in the UK; however, there is a strong possibility that UK-based organisations could be affected.
“The NCSC is not currently aware of any compromised entities in the UK, the techniques exhibited could feasibly be deployed against UK targets.”
The NCSC said it is working closely with industry partners and international counterparts both to identify defensive measures that could be put in place and to understand the campaign’s impact so far.
The centre has also published mitigation steps outlining a number of practices organisations can adopt. These include, but are not limited to:
- “Ensure 2-factor authentication is enabled in all registrar or registry accounts, and the passwords are not easily guessed, are stored securely, and not re-used across services.”
- “Ensure any available logging is enabled so that you can review changes which have been made.”
- “Ensure 2-factor authentication is enabled in all DNS hosting accounts.”
- “Consider the use of configuration-as-code approaches to manage changes to your DNS zones.”
- “Attackers may attempt to use account recovery processes to gain access to domain management, so ensure that contact details are accurate and up-to-date.”
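
One way to act on the logging and configuration-as-code recommendations above is to compare the zone an organisation has declared with the records actually being served, and to flag any difference in the record types that decide where traffic goes. The following is an added example, not code from the NCSC or the article; the `name type value` line format, the function names and every record shown are constructed assumptions.

```python
# Added example: detect drift between a declared zone and observed DNS answers.
# All names, addresses and the simple line format are constructed for illustration.
from collections import defaultdict

# Record types whose modification redirects web traffic or mail.
HIGH_RISK = {"NS", "A", "AAAA", "MX", "CNAME"}

def parse_records(text):
    """Parse 'name type value' lines into {(name, type): {values}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # simplified: no ';' inside TXT data
        if not line:
            continue
        name, rtype, value = line.split(None, 2)
        rtype = rtype.upper()
        # DNS names are case-insensitive and a trailing dot is only notation.
        value = " ".join(value.split()).rstrip(".")
        if rtype != "TXT":
            value = value.lower()
        records[(name.lower().rstrip("."), rtype)].add(value)
    return records

def find_drift(declared_text, observed_text):
    """Return one finding per changed record set, high-risk types first."""
    declared, observed = parse_records(declared_text), parse_records(observed_text)
    findings = []
    for key in sorted(set(declared) | set(observed)):
        missing = declared.get(key, set()) - observed.get(key, set())
        unexpected = observed.get(key, set()) - declared.get(key, set())
        if missing or unexpected:
            findings.append({"name": key[0], "type": key[1],
                             "severity": "high" if key[1] in HIGH_RISK else "review",
                             "missing": sorted(missing), "unexpected": sorted(unexpected)})
    return sorted(findings, key=lambda f: f["severity"] != "high")

DECLARED = """
example.org.      NS   ns1.example.org.
mail.example.org. A    192.0.2.10
example.org.      MX   10 mail.example.org.
"""
OBSERVED = """
EXAMPLE.org       NS   ns1.example.org
mail.example.org  A    198.51.100.77   ; differs from the declared address
example.org       MX   10 mail.example.org
"""

if __name__ == "__main__":
    for finding in find_drift(DECLARED, OBSERVED):
        print(finding)
```

In practice the declared text would come from the version-controlled zone definition and the observed text from queries made against several independent resolvers.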