DNS Infrastructure Under Attack

The Internet Corporation for Assigned Names and Numbers (ICANN) has issued a warning that the DNS infrastructure is facing an “ongoing and significant risk” and has urged domain owners to deploy DNSSEC technology.

ICANN

ICANN is one of the many organisations involved in the decentralised management of the Internet but is specifically responsible for coordinating the top-most level of the DNS in order to ensure that it can operate in a secure and stable way and maintain universal resolvability.

Attacks

According to ICANN’s statement, public reports indicate that the DNS infrastructure is facing “multifaceted attacks utilizing different methodologies”.  Examples of such attacks include replacing the addresses of intended servers with addresses of machines controlled by attackers.  The prevalence of so-called “man in the middle” attacks, where a user is unknowingly re-directed to a potentially malicious site is of particular concern.

Cisco’s Talos Intelligence blog has highlighted how this type of attack has been carried out on a grand scale by some international players.  For example, the blog reports how Lebanon and the United Arab Emirates (UAE) have been targeting .gov domains, as well as a private Lebanese airline company.  The attackers used two fake, malicious websites containing job postings via malicious Microsoft Office documents which had embedded macros. The malware, dubbed “DNSionage” supported HTTP and DNS communication with the attackers.

The Cybersecurity Infrastructure Security Agency in the US has also been forced to order federal agencies to act against DNS tampering.

DNSSEC

One of the main ways that ICANN and Internet companies like Cloudflare and Google are suggesting that DNS-focused attacks can be countered is through the deployment of DNSSEC technology by domain owners.   Domain Name System Security Extensions (DNSSEC) has been described as a suite of Internet Engineering Task Force (IETF) specifications.  DNSSEC was designed to protect Internet resolvers/clients from forged DNS data, and it complements other technologies e.g. Transport Layer Security (usually used in HTTPS) that protect the end user/domain communication.  In essence, it cryptographically signs data to make it much more difficult to forge.

Low Adoption Rate

One of the reasons why DNS-focused attacks are so prevalent may be that the adoption rate of DNSSEC is so low – around 20%.  In fact, according to Cloudflare, only 3% of the Fortune 1,000 are using DNSSEC.

What Does This Mean For Your Business?

It is good that ICANN has identified this threat as this will now facilitate greater discussion and action and may motivate more domain owners to look into and adopt DNSSEC, hopefully across all unsecured domain names.  Although full deployment of DNSSEC is not the ultimate answer, it may go a long way towards drastically reducing the current threat.

ICANN has produced a helpful checklist of recommended security precautions that members of the domain name industry e.g. registries, registrars, resellers, and others, can proactively take to protect their systems, their customers’ systems and any that could be reached via DNS.  You can find the checklist here: https://www.icann.org/news/announcement-2019-02-15-en