CYBER COPS at the UK's National Cyber Security Centre (NCSC) have issued an advisory over a large-scale global DNS hijacking campaign.
The advisory [PDF] discusses the risks and mitigations for organisations to protect themselves from such attacks, in which threat actors change the domain name system (DNS) records of websites and redirect visitors to malicious sites instead.
DNS is the service that helps internet users navigate to a web domain by correctly pointing the web browser to an IP address.
Changing DNS records, though, not only enables cybercriminals to redirect users to malicious websites; they can also modify the ownership details of web domains, making them difficult to recover.
According to a recent report by Avast, in the past year, a large number of Brazilian users have been targeted with router attacks; the report claims that the DNS settings of more than 180,000 Brazilian routers have been modified by attackers in the first six months of 2019.
Last week, Cisco Talos also published a report on recently noticed activities from Sea Turtle, a threat group that uses DNS hijacking techniques for cyber-espionage purposes.
The NCSC first noticed the attempts by attackers to hijack DNS earlier this year. At the time, the NCSC published an alert to warn organisations and also revealed that the hijacking campaign had hit several governments and commercial organisations worldwide.
While most of the affected entities were located in the Middle East region, some organisations were also targeted in the US and Europe.
The NCSC now says that it has observed further activity by attackers across multiple sectors and regions. The Centre is probing the attacks but says that it is not yet aware of any compromised entity in the UK.
To prevent phishing attacks, the agency recommends administrators use strong, unique passwords, and also enable multi-factor authentication, where possible.
To protect registrar accounts from account takeovers, the NCSC advises administrators to regularly check the details linked to the account. For organisations that run their own DNS infrastructure, the agency suggests implementing strict access controls on the computer systems hosting DNS services.