January 23, 2019
The U.S. Department of Homeland Security (DHS) has today issued an “emergency directive” to all federal agencies ordering IT staff to audit DNS records for their respective website domains, or other agency-managed domains, within the next 10 business days.
The emergency security alert came in the wake of a series of recent incidents involving DNS hijacking, which security researchers with “moderate confidence” believe originated from Iran.
The Domain Name System (DNS) is a key function of the Internet that works as the Internet’s directory, where your device looks up a server’s IP address after you enter a human-readable web address (e.g., thehackernews.com).
The DHS orders federal agencies to:
- audit public DNS records and secondary DNS servers for unauthorized edits,
- update their passwords for all accounts on systems that can be used to tamper with DNS records,
- enable multi-factor authentication to prevent any unauthorized change to their domains, and
- monitor certificate transparency logs.
For those unaware, Certificate Transparency (CT) is a public service that allows individuals and companies to monitor the digital certificates that any certificate authority has issued for their domains, including ones issued without their knowledge.
The Cyber Hygiene service of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will also begin regular delivery of certificates newly added to CT logs for US federal agency domains.
Once CISA starts distributing these logs, government agencies are required to immediately begin monitoring their CT log data for issued certificates that they did not request. If an agency finds an unauthorized certificate, it must report it to the issuing certificate authority and to CISA.
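The check described above, as an added example that is not part of the original article or of any DHS or CISA tooling: it compares CT log entries against an agency's own inventory of requested certificates and reports the ones nobody requested. The record fields (`issuer`, `serial`, `dns_names`), the function names and all sample values are assumptions constructed for illustration, and matching issuers by name is a simplification.

```python
# Added example. Record fields and every value below are constructed.

def covers(name, domain):
    """True if a certificate DNS name is the monitored domain or under it."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):          # wildcard: match on its base name
        name = name[2:]
    domain = domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def norm_serial(serial):
    """Tools print serials with mixed case, colons and leading zeros."""
    return serial.replace(":", "").lower().lstrip("0") or "0"

def find_unrequested(ct_entries, requested, domains):
    """Return one finding per (issuer, serial) absent from the inventory.

    A precertificate and its final certificate share issuer and serial,
    so both log entries collapse into a single finding.
    """
    known = {(i.lower(), norm_serial(s)) for i, s in requested}
    findings = {}
    for e in ct_entries:
        hits = {n.lower() for n in e["dns_names"]
                if any(covers(n, d) for d in domains)}
        key = (e["issuer"].lower(), norm_serial(e["serial"]))
        if not hits or key in known:
            continue
        f = findings.setdefault(
            key, {"issuer": e["issuer"], "serial": key[1], "names": set()})
        f["names"] |= hits
    return sorted(findings.values(), key=lambda f: (f["issuer"], f["serial"]))

MONITORED = ["agency.example"]                      # constructed
REQUESTED = [("Example CA 1", "0A:1B:2C")]          # inventory of requested certs
CT_ENTRIES = [                                      # constructed CT log data
    {"issuer": "Example CA 1", "serial": "0a1b2c",
     "dns_names": ["www.agency.example"]},
    {"issuer": "Example CA 2", "serial": "77FF01",   # precertificate
     "dns_names": ["mail.agency.example"]},
    {"issuer": "Example CA 2", "serial": "77ff01",   # final cert, same serial
     "dns_names": ["mail.agency.example", "*.agency.example"]},
    {"issuer": "Example CA 2", "serial": "123456",   # look-alike, not ours
     "dns_names": ["notagency.example"]},
]

if __name__ == "__main__":
    for f in find_unrequested(CT_ENTRIES, REQUESTED, MONITORED):
        print(f["issuer"], f["serial"], sorted(f["names"]))
```

Each finding carries the issuer and serial, which are the details needed when reporting the certificate to the issuing certificate authority and to CISA.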
Source: The Hacker News