The U.S. Department of Homeland Security (DHS) has issued an emergency directive to all federal agencies ordering their IT staff to audit DNS records for their respective website domains within the next 10 business days. This security measure comes in response to a series of incidents involving DNS hijacking that security researchers believe originated from Iran.
The Domain Name System (DNS) is a crucial component of the internet: it acts as a directory that translates human-readable web addresses into server IP addresses. DNS hijacking involves altering the DNS settings of a domain so that victims are redirected to an attacker-controlled server hosting a fake version of the website they intended to visit.
The attackers have been successful in obtaining the credentials for admin accounts that can make changes to DNS records. The attackers can then obtain valid certificates for the hijacked domain names, making it possible to decrypt redirected traffic and expose any user-submitted data, even if HTTPS is enabled.
In recent months, there have been multiple reports of DNS hijacking attacks against government websites, internet infrastructure, and telecommunications entities across the world. The DHS has stated that it is aware of multiple executive branch agency domains that have been impacted by these attacks. The DHS advisory reads. Researchers at Cisco Talos also published a report of a sophisticated malware attack that compromised domain registrar accounts for several Lebanese and United Arab Emirates (UAE) government and public sector websites.
The DHS has ordered federal agencies to audit public DNS records and secondary DNS servers for unauthorized edits, update passwords for all accounts on systems that can be used to tamper with DNS records, enable multi-factor authentication, and monitor Certificate Transparency (CT) logs. The Cyber Hygiene service of the DHS's Cybersecurity and Infrastructure Security Agency (CISA) will also begin delivering to agencies the certificates newly added to CT logs for US federal agency domains. Agencies must monitor their CT log data for issued certificates that they did not request and report any unauthorized certificates to the issuing certificate authority and the CISA.
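A sketch of the two audit steps described above, comparing observed DNS records with an approved baseline and flagging CT log entries the agency did not request. This is an added example, not code from the DHS directive or this blog; the record and CT entry formats, `agency.example`, the CA names and all sample values are constructed assumptions.

```python
"""Audit helpers for two directive actions: DNS record review and CT log monitoring.
All sample data is constructed; agency.example and the CA names are placeholders."""
from collections import defaultdict

def norm(name):
    # DNS names are case-insensitive; strip the root dot and a leading wildcard label.
    name = name.lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(name, domains):
    # Match the domain itself or a true subdomain (label boundary, not a suffix string).
    n = norm(name)
    return any(n == d or n.endswith("." + d) for d in map(norm, domains))

def audit_dns(baseline, observed):
    """Compare observed (name, type) -> set of values against the approved baseline."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want, got = baseline.get(key, set()), observed.get(key, set())
        if want != got:
            findings.append((key, sorted(got - want), sorted(want - got)))
    return findings  # (record, unexpected values, missing values)

def unrequested_certs(ct_entries, requested_serials, domains):
    """Group CT entries for our domains that we never requested, keyed by issuing CA.
    Assumption: the inventory is keyed by lowercase serial; a real one should also key on issuer."""
    by_issuer = defaultdict(list)
    for e in ct_entries:
        if e["serial"].lower() in requested_serials:
            continue
        hits = [n for n in e["names"] if in_scope(n, domains)]
        if hits:
            by_issuer[e["issuer"]].append((e["serial"], hits))
    return dict(by_issuer)

# Constructed sample data: one A record repointed, one certificate nobody requested.
BASELINE = {("agency.example", "NS"): {"ns1.agency.example", "ns2.agency.example"},
            ("mail.agency.example", "A"): {"192.0.2.10"}}
OBSERVED = {("agency.example", "NS"): {"ns1.agency.example", "ns2.agency.example"},
            ("mail.agency.example", "A"): {"203.0.113.77"}}
CT_ENTRIES = [
    {"serial": "0A1B", "issuer": "Example CA 1", "names": ["www.agency.example"]},
    {"serial": "77FE", "issuer": "Example CA 2", "names": ["Mail.Agency.Example.", "other.test"]},
    {"serial": "9C00", "issuer": "Example CA 2", "names": ["notagency.example"]},
]
REQUESTED = {"0a1b"}

if __name__ == "__main__":
    for rec, extra, missing in audit_dns(BASELINE, OBSERVED):
        print("DNS drift", rec, "unexpected:", extra, "missing:", missing)
    for issuer, certs in unrequested_certs(CT_ENTRIES, REQUESTED, ["agency.example"]).items():
        print("Report to", issuer, "and CISA:", certs)
```

In practice the observed records would come from querying each authoritative and secondary server directly, and the CT entries from the certificate data delivered to the agency.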
Except for the Department of Defense, the Central Intelligence Agency (CIA), and the Office of the Director of National Intelligence, all agencies have 10 days to implement these directives.