
Mornings With Mark
no. 0003

DNS Hijacking


Full machine-generated transcript follows.

Morning, everybody. How you doing today? On this episode of the show, we're going to talk about the domain name system, or DNS, and some of the challenges it presents from a security perspective. Now, Brian Krebs, the intrepid cybersecurity reporter, has a fantastic post up; you're seeing it on screen here now, and of course I'll link to it in the description down below. It summarizes some of the recent challenges around DNS security. Now, this summarizes reporting from Cisco's research, from CrowdStrike's research arm, and from FireEye as well.

All three of them have been looking at DNS hijacking attacks over the last little while, and this was in fact what the Department of Homeland Security in the U.S. issued an alert about about a month ago. Essentially, the domain name service, or the domain name system, the DNS system, is what lines up, you know, markn.ca with the IP address, or the IP addresses, that host that content. So that works for any domain. Looking up something, be it email, we use it in web, we use it in every internet transaction; there's a DNS component. It's absolutely critical. Now, there's a couple of sides of this. As an organization, you want to secure DNS traffic for your users looking out. So when they're looking up things like, where does Google live, that's a DNS request, and there's a whole set of security procedures and protocols you want to follow to make sure that that request is secure. But what we're talking about today, and what Brian is diving into in his article, is around the opposite side: as a company, or somebody hosting content, how do you make sure that that's secure?

Now, these hijacking attempts are essentially the attackers, the cybercriminals, trying to take over these domains, and they're using various techniques. So in my case they would steal markn.ca, and instead of pointing to my email and to my website, they would point it to their resources.

Now you can start to think about the possibilities. This is an extremely powerful attack, because if you take over that domain name, now, for all intents and purposes, you are that organization on the web. And really clever attacks would keep the website going to where it needs to be but intercept the email in a way that's really hard to detect. Now, the spate of these attacks that are going on have highlighted some of the weaknesses in the domain name system.

Now, when you get a domain, you register it. Now, you don't go to the top-level domains; a top-level domain is the .ca, or .com, or .edu, or any number of the new TLDs. Normally they have a registrar, somebody who keeps track of what name is assigned to what person or what organization. Now, you don't deal with those; you deal with the bottom-end registrars. You don't deal with the TLD registrar; you deal with a company that does multiple, so like a GoDaddy or rebel.com, that kind of thing. They would be able to register on your behalf. So you say, I want this name, and they register it with CIRA, who is the entity that owns .ca, and there's an entity that owns every top-level domain. So that's sort of that structure.

Now, the problem is that registrar-level security can be socially engineered. We've seen that in the past, where people are convincing the registrar to move the request somewhere else. Now, these attacks that Krebs had detailed, the way they talk to each other, so that back end of the chain, they were abusing that to take over various domains. And one of the really scariest parts of the story is that they got to one of the top 13 domain infrastructure systems. So in this case it was Netnod in the EU, and they hold one of the 13 master DNS servers around the world, and that's pretty scary, because they're really serious about operational security. These attackers were able to kind of worm their way through, using authenticated credentials at different levels, to get up to the top-tier systems.

Now, there are various techniques like DNSSEC, which is an encryption scheme through DNS to ensure proper transitions, proper root zone transfers, all these kinds of things, but none of this was perfect. And really the idea today is I wanted to highlight this as a major issue for organizations and for individuals.

If you are running a web property, and most of us are, you want to make sure that you leverage every single possible security control that your registrar offers. So, you know, a unique individual passphrase for that registrar, two-factor authentication. You can also use something called domain locking, where you're requesting that the registrar, for any major domain name changes, take additional steps to verify them.

You can also put in things like privacy controls that help obscure your identity, which is great from a privacy perspective, but from a security perspective that also makes it harder to socially engineer, because they're not exactly sure who is the owner of that registry entry. That, for markn.ca, the registry record relates to a proxy entity, and that makes it a little bit harder to social engineer. But you need to go through and take these steps to lock that account down, because at the end of the day that's your identity online, and that's absolutely critical to protect. Because if somebody takes that over, they're you, and they could do an untold amount of damage in a very short amount of time.

Now, part of the attack Krebs highlighted was that these people were phishing at these domains that they were taking over, a number of government domains, intercepting their email for an hour at a time and harvesting a ton of credentials that way, and then using that access to move laterally through those organizations. It's a very, very serious attack, and it's in an area that most people overlook. So hopefully now, knowing that, you're going to go and leave a like or comment down below, but then go and secure your registrar stuff first, and then come back and maybe share your experience. That'd be far more positive.

Let me know when you've done that. Let me know what you think of this issue. Hit me up online @marknca, in the comments down below, and as always by email at markn.ca. I hope you are set up for a fantastic day. We'll see you on the next episode of the show.
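The pattern the episode describes (keep the website working, redirect the mail) and the registrar controls it recommends (domain locking, verified changes) both suggest a simple defensive check you can run on your own domain. The following is an added example written for this page, not code from the podcast or from the Krebs article: it diffs a domain's observed DNS answers against a known-good baseline and verifies that the registrar lock statuses (standard EPP status codes) are set. The domain names, addresses, the "observed" answers and the status list are constructed sample data; whether your registrar exposes those status codes through its API, RDAP or WHOIS output is an assumption to confirm with the registrar.

```python
"""Added example: detect DNS hijacking symptoms by diffing live DNS answers
against a known-good baseline and checking registrar lock statuses.
All names, addresses and "observed" data below are constructed samples."""
from dataclasses import dataclass

# Standard EPP status codes a registrar sets when domain locking is enabled.
# Assumption: your registrar reports them (API, RDAP or WHOIS); verify that.
EXPECTED_LOCKS = frozenset(
    {"clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited"}
)

# Record types whose change redirects delegation, mail or web traffic, i.e.
# the hijack pattern discussed in the episode.
CRITICAL_TYPES = frozenset({"NS", "MX", "A", "AAAA"})


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    subject: str    # DNS record type, or "REGISTRAR" for lock problems
    detail: str


def _norm(values):
    """Lower-case and strip trailing dots so 'NS1.EXAMPLE.NET.' == 'ns1.example.net'."""
    return {v.strip().lower().rstrip(".") for v in values}


def diff_records(baseline: dict, observed: dict) -> list:
    """Compare observed answers (record type -> list of values) to the baseline."""
    findings = []
    for rtype in sorted(set(baseline) | set(observed)):
        want = _norm(baseline.get(rtype, []))
        have = _norm(observed.get(rtype, []))
        if rtype not in baseline:
            findings.append(Finding("medium", rtype, f"record type not in baseline: {sorted(have)}"))
            continue
        if have == want:
            continue
        if rtype in CRITICAL_TYPES:
            # Any deviation in delegation, mail or address records is treated as
            # a possible redirect, e.g. an extra lower-preference MX.
            findings.append(Finding("high", rtype, f"expected {sorted(want)}, observed {sorted(have)}"))
        else:
            if have - want:
                findings.append(Finding("medium", rtype, f"unexpected values {sorted(have - want)}"))
            if want - have:
                findings.append(Finding("low", rtype, f"missing values {sorted(want - have)}"))
    return findings


def check_locks(statuses) -> list:
    """Report registrar lock statuses that are not set on the domain."""
    missing = EXPECTED_LOCKS - set(statuses)
    if not missing:
        return []
    # A missing transfer lock is the one that lets the domain walk away entirely.
    severity = "high" if "clientTransferProhibited" in missing else "medium"
    return [Finding(severity, "REGISTRAR", f"lock statuses not set: {sorted(missing)}")]


def assess(baseline: dict, observed: dict, statuses) -> dict:
    """Run both checks; hijack_suspected is True when any finding is high severity."""
    findings = diff_records(baseline, observed) + check_locks(statuses)
    return {"hijack_suspected": any(f.severity == "high" for f in findings),
            "findings": findings}


# Constructed baseline: what the zone for example.com is supposed to contain.
BASELINE = {
    "NS": ["ns1.example.net.", "ns2.example.net."],
    "MX": ["10 mail.example.com."],
    "A": ["192.0.2.10"],
    "TXT": ['"v=spf1 mx -all"'],
}

# Constructed "observed" answers: website and nameservers untouched, but an
# extra, higher-priority MX has appeared that would receive the mail first.
OBSERVED = {
    "NS": ["NS1.EXAMPLE.NET.", "ns2.example.net"],
    "MX": ["10 mail.example.com.", "5 mx.mail-relay.example.org."],
    "A": ["192.0.2.10"],
    "TXT": ['"v=spf1 mx -all"'],
}

# Constructed registrar status list: only the transfer lock is enabled.
OBSERVED_STATUSES = ["clientTransferProhibited"]

if __name__ == "__main__":
    result = assess(BASELINE, OBSERVED, OBSERVED_STATUSES)
    print("hijack suspected:", result["hijack_suspected"])
    for f in result["findings"]:
        print(f"[{f.severity}] {f.subject}: {f.detail}")
```

In practice you would populate `observed` from a resolver (for example with dnspython) and `statuses` from your registrar's API or an RDAP lookup, keep `BASELINE` under version control next to your zone file, and run the check on a schedule so a changed MX or NS record is noticed in minutes rather than after the credentials are already gone.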
