Cyber attacks on the DNS system are not new. Cache poisoning, Domain Hijacking and BGP injections of routes to public DNS resolvers happen regularly, but they usually don’t get much attention as they target the Internet’s core infrastructure and are not directly visible to end users in most cases. This time it was different. The recent widespread DNS hijacking attacks on several Mid East, North African and European and North American governments and infrastructure providers, published by Ciscos Talos showed that DNS attacks are a real threat to cyber security. Netnod, one of the affected infrastructure providers issued a statement, that called, amongst other domain security mechanisms, for the implementation of the DNS Security Extensions (DNSSEC).
The analysis of these attacks also convinced the Internet Corporation for Assigned Names and Numbers (ICANN) that there is an ongoing and significant risk to key parts of the System (DNS) infrastructure. ICANN issued a call for “Full DNSSEC Deployment to Protect the Internet” across all unsecured domain names.
The question is if these attacks and the awareness that DNSSEC is an absolute essential base layer protection for domain names had some effects on the Implementation of DNSSEC Switzerland?
More DNSSEC signed domain names
As a ccTLD operator SWITCH publishes the number of DNSSEC signed .ch and .li domain names every month. While the number of signed domain names is still very low at around 3-4% we see a rise in the numbers of signed domain names for two years now.
A new issue of our bi-monthly SWITCH Security Report is available!
The topics covered in this report are:
Company networks at serious risk: recent waves of malspam have been spreading the multifunctional trojan Emotet, targeting Windows devices in particular
Phishing, porn, data theft: rogue apps appearing as a new and harmful type of ‘non-sellers’ on Google Play and other app stores
Spy Time now also available for Apple devices – Serious security vulnerabilities allow outsiders to eavesdrop on FaceTime conversations and steal passwords from Keychain in MacOS
Alexa home alone, nuclear attack via Nest and a new password law in California – what happens when IoT gadgets run amok?
The Security Report is available in both English and German.
Users obtain a domain name to establish a unique identity on the Internet. Domain names are not only used to serve names and addresses of computers and services but also to store security controls, such as SPF or CAA records. Many of the Internet protocols were designed at a time where built-in security was not a requirement. The IETF continues to standardize protocol extensions to address today’s security needs.
For some protocols security is added with controls stored in your domain names zone file. In order to have the desired effect, the pre-condition is of course that your domain name is secure. In other words, the security of your application that makes use of controls in DNS is only as secure as the security of your domain name.
Hijacking a domain name because of weak credentials at the registrar may get the job done but this is far from stealthy and will likely not last long. In many cases it is sufficient to hijack an abandoned subdomain. Taking over abandoned subdomains may be unnoticed by the owner for a very long period of time making it also very useful for targeted attacks.
Picture 1: update.ft.com has been hijacked and the content from the ft.com front page is mirrored with a fake article about subdomain hijacking. Note: the website is not online anymore, Financial Times has been notified to remove the abandoned record from their zone file. A Certificate Transparency (CT) log proves that a TLS certificate has been issued for this demo site.
Mobile Security: FireEye researchers have discovered a new software which takes Android malware to a new level by combining multiple malicious activities into one app.
After all, new research shows that ‘123456’ is a great password: Websites that would not present a threat if hacked should get throwaway credentials.
World Cup & Threat Intelligence: According to the Imperva Data Security Blog, Hackers like soccer so much, that they put their weapons down during the World Cup Finals. But during the rest of the matches, attacks actually increased.
SWITCH Security-Blog 