DNS Is an Easy Target for Attackers: Here’s What You Can Do

NS1 sponsored this post.

DNSpionage, DNS hijacking and DNS poisoning attacks — the writing is on the wall that DNS has become ground zero for cyberattacks against enterprises and governments around the globe. The extent to which these attacks put consumer data at risk and disrupt businesses, causing significant loss, is obviously impossible to ignore.
Consider the DNS-related cyber activity of the past six months alone. In November, a DNS-related attack rerouted Google’s traffic via internet service providers in Nigeria, Russia and China, exposing the search data to attackers in those countries. In January, FireEye published research identifying a global DNS hijacking campaign “that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.” The following month, ICANN (the Internet Corporation for Assigned Names and Numbers) issued an alert calling for an intensified effort for enterprises to better protect their DNS, including installing stronger technology. More recently, the “Sea Turtle” hijacking campaign was responsible for compromising organizations in more than a dozen countries. Each breaking news story renews concern and leaves enterprises wondering why DNS is increasingly targeted.

DNS: An Easy Target with Significant Returns

Attackers who previously targeted other enterprise systems have recognized that DNS can be a relatively weak point in the networks of enterprises, governments and other organizations. Further, because DNS plays a central role in orchestrating all internet and application traffic, malicious actors can do more damage by attacking DNS than through other attacks.
DNS is a main gateway to the enterprise, and as infrastructure becomes more distributed and complex, it is often left vulnerable. Attackers are therefore exploring every angle they can to take advantage of this entry point. We will continue to see attacks against the DNS control plane (registrars, authoritative DNS systems) and against the caching hierarchy of DNS (e.g. DNS poisoning attacks) until target organizations widely implement well-known best-practice domain security measures.

Steps Enterprises Can Take to Protect Their DNS

Fortunately, there are concrete ways to mitigate many of these DNS threats. As commonsensical as they may seem, these approaches are not always put into practice even though they are effective.
First, strengthen access controls: enterprises should begin by implementing two-factor authentication and single sign-on at their DNS providers and registrars. If the company uses scripts or APIs to update DNS, it should use strong authentication keys and restrict key usage to valid sources only (i.e., IP whitelisting for DNS registrars, DNS control panels and APIs). Monitoring is another critical component – organizations should audit any changes to sensitive DNS records and tie audit logging of their DNS vendor into their SIEM or other monitoring systems.
All these measures should be deployed on top of more widely discussed DNS security measures, including implementing DNSSEC, which protects the integrity of DNS information by having it digitally signed and verified by the top-level domain, and having redundant DNS in place to avoid downtime or outages due to DDoS or network failures.
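The audit and source-restriction advice above can be turned into a detection rule. The following is an added example, not code from the original post or from any DNS vendor: it reviews DNS change events and flags edits to sensitive record types that came from outside the allowlisted sources or without a second factor. The log schema, field names, policy values and sample events are all constructed assumptions.

```python
import ipaddress
import json

# Assumed policy values, constructed for this example.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "2001:db8:10::/64")]
SENSITIVE_TYPES = {"NS", "DS", "MX", "A", "AAAA", "CNAME"}
STRONG_AUTH = {"api_key", "sso_mfa"}  # hypothetical labels for key-based and MFA-backed sessions

# Constructed audit events, one JSON object per line; the schema is hypothetical.
SAMPLE_LOG = """\
{"ts":"2019-05-01T09:12:03Z","actor":"deploy-bot","auth":"api_key","src":"203.0.113.5","zone":"example.com","name":"www","type":"A"}
{"ts":"2019-05-01T23:41:17Z","actor":"jsmith","auth":"password","src":"198.51.100.77","zone":"example.com","name":"@","type":"NS"}
{"ts":"2019-05-02T02:03:55Z","actor":"deploy-bot","auth":"api_key","src":"192.0.2.44","zone":"example.com","name":"mail","type":"MX"}
{"ts":"2019-05-02T08:30:00Z","actor":"asmith","auth":"sso_mfa","src":"203.0.113.9","zone":"example.com","name":"_dmarc","type":"TXT"}
"""

def source_allowed(src):
    """True if the source address falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(src)  # raises ValueError on a malformed address
    return any(addr in net for net in ALLOWED_SOURCES)

def review_changes(log_text):
    """Return (event, reasons) for every sensitive-record change that breaks policy."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("type") not in SENSITIVE_TYPES:
            continue  # only sensitive records are audited here
        reasons = []
        try:
            if not source_allowed(ev.get("src", "")):
                reasons.append("source outside allowlist")
        except ValueError:
            reasons.append("missing or invalid source address")
        if ev.get("auth") not in STRONG_AUTH:
            reasons.append("no second factor")
        if reasons:
            findings.append((ev, reasons))
    return findings

if __name__ == "__main__":
    # Emit one JSON line per finding, ready to forward to a SIEM.
    for ev, reasons in review_changes(SAMPLE_LOG):
        print(json.dumps({"alert": "dns_sensitive_change", "reasons": reasons, **ev}))
```
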

Overcoming DNS Security Barriers

There is no question that DNS has grown as a target, but enterprises’ adoption of key security measures is lagging. The truth is that, until recently, the technologies organizations needed to effectively secure DNS, such as DNSSEC, DNS redundancy or automated auditing pipelines, were challenging to implement, led to performance or functionality tradeoffs — or simply weren’t supported by providers. Fortunately, innovation from modern DNS technology providers has made these controls easier to implement, and support from global governing organizations like ICANN will drive continued focus on prioritizing security. With DNS growing as an attractive target for attackers, enterprises should take steps now to secure the availability and integrity of their DNS deployments.