Since the beginning of the year, the US government and private security companies have been warning of a sophisticated wave of attacks that’s hijacking domains belonging to multiple governments and private companies at an unprecedented scale. On Monday, a detailed report provided new details that helped explain how and why the widespread DNS hijackings allowed the attackers to siphon huge numbers of email and other login credentials. The article, published by KrebsOnSecurity reporter Brian Krebs, said that, over the past few months, the attackers behind the so-called DNSpionage campaign have compromised key components of DNS infrastructure for more than 50 Middle Eastern companies and government agencies. Short for domain name system, DNS acts as one of the Internet’s most fundamental services by translating human-readable domain names into the IP addresses one computer needs to locate other computers over the global network. As an operator of one of the 13 root name servers that are critical to the functioning of the Internet, Netnod certainly qualifies as a key pillar upon which DNSpionage could support its mass hijacking spree.
The Department of Homeland Security has issued an emergency directive ordering administrators of most federal agencies to protect their Internet domains against a rash of attacks that have hit executive branch websites and email servers in recent weeks. The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) issued the directive on Tuesday, 12 days after security firm FireEye warned of an unprecedented wave of ongoing attacks that altered the domain name system records belonging to telecoms, ISPs, and government agencies. DNS servers act as directories that allow one computer to find other computers on the Internet. By tampering with these records, attackers can potentially intercept passwords, emails, and other sensitive communications. “CISA is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them,” CISA Director Christopher C. Krebs wrote in Wednesday’s emergency directive.
As the US government’s shutdown extends into its 34th day, hackers linked to Iran have taken advantage by launching a cyberattack. The shutdown over President Donald Trump's $5.6bn (£4bn) budget request for a border wall with Mexico is the longest in US history. That means critical IT systems are being left vulnerable. A DNS-hijacking cyberattack has been launched on the US which experts believe originates from Iran. DNS hijacking reroutes internet traffic to a place where it can be manipulated and monitored for malign activities. Chris Krebs, Director of the US Cyber and Infrastructure Security Agency (CISA), has issued "an emergency directive to US civilian agencies requiring immediate actions to protect federal information systems from ongoing DNS hijacking and tampering activities".
The Department of Homeland Security has demanded an audit due within 10 days
The US’s recently established Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring “immediate action to protect Federal information systems from ongoing DNS hijacking and tampering activities.” The announcement by Director Chris Krebs comes after the agency – set up last year to lead national efforts to defend critical infrastructure – was alerted to ongoing DNS hijacking and tampering activities by US cybersecurity company FireEye. The directive lays out a set of risk-informed, straightforward, and high impact/low burden actions that agencies must take to harden systems and improve awareness and trustworthiness of key security processes. It follows a Department of Homeland Security alert based on a FireEye report that detailed a coordinated DNS hijacking campaign, during which a group believed to operate out of Iran had manipulated DNS records for government agencies. The DHS has demanded four actions.
Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that’s using relatively novel techniques to compromise targets at an almost unprecedented scale. The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company's computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users’ login credentials. The techniques detected by FireEye are particularly effective because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking. “A large number of organizations has been affected by this pattern of DNS record manipulation and fraudulent SSL certificates,” FireEye researchers Muks Hirani, Sarah Jones, and Ben Read wrote in a report published Thursday. “They include telecoms and ISP[s], government and sensitive commercial entities.” The campaign, they added, is occurring around the globe at “an almost unprecedented scale, with a high degree of success.”
CenturyLink briefly disabled the Internet connections of customers in Utah last week and allowed them back online only after they acknowledged an offer to purchase filtering software. CenturyLink falsely claimed that it was required to do so by a Utah state law that says ISPs must notify customers "of the ability to block material harmful to minors." Coincidentally, CenturyLink's blocking of customer Internet access occurred days before the one-year anniversary of the Federal Communications Commission repeal of net neutrality rules, which prohibited blocking and throttling of Internet access. "Just had CenturyLink block my Internet and then inject this page into my browser... to advertise their paid filtering software to me," software engineer and Utah resident Rich Snapp tweeted on December 9.
“Your Internet service has been fully restored”
Snapp's Internet access went out while he was watching streaming video via his Amazon Fire TV device.
Online privacy is in short supply, as revelations from former NSA contractor Edward Snowden and scandals like Cambridge Analytica show. "Using HTTP for a website instead of HTTPS has always been problematic," said Nick Sullivan, head of cryptography at Cloudflare, a company that helps websites keep up with traffic demands. Attackers can redirect people to fake websites with a technique called DNS hijacking so their usernames and passwords can be intercepted. China's "Great Cannon" used unencrypted HTTP connections to turn visitors to Baidu's website into unwitting attackers of the Github programming website. And Egypt has injected ads and run cryptocurrency mining software on people's computers, according to the Tor Project for advancing private web use and the Association for Freedom of Thought and Expression, a nonprofit that monitors Egyptian network censorship. HTTPS is decades old, but in the early days of the web, it was only used to protect us when typing obviously sensitive data like passwords and credit card numbers into websites.
Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload). Named OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data. Security researcher Patrick Wardle has looked extensively into MaMi (as spotted by 9to5Mac) and observes that while it isn’t particularly sophisticated, it does more than simple DNS hijacking. It’s also capable of pulling off tricks like taking screenshots, downloading and uploading files, and executing commands, and it installs a new root certificate to facilitate potential man-in-the-middle attacks. It’s pretty bad news all round, really.
How do you get infected?
A Dutch security firm recently fell victim to a well-executed attack that allowed hackers to take control of its servers and intercept clients' login credentials and confidential data. The security firm, Fox-IT, said in a blog post published last week that the so-called "man-in-the-middle attack" lasted for 10 hours and 24 minutes, although the attack was largely contained for much of that time. The attackers carried it out by gaining unauthorized access to Fox-IT's account with a third-party domain registrar. With that, the attackers effectively hijacked control of fox-it.com and all traffic sent to it. The attackers were able to bypass protections provided by HTTPS-based encryption by first using their control of the Fox-IT domain to obtain a new transport layer security certificate. "While we deeply regret the incident and the shortcomings on our part which contributed to it, we also acknowledge that a number of the measures we had in place enabled us to detect the attack, respond quickly and confidently and thereby limited the scale and length of the incident," Fox-IT officials wrote.
But as WikiLeaks was reminded this week, one hacker technique can take over your entire website without even touching it directly. On Thursday morning, visitors to WikiLeaks.org saw not the site's usual collection of leaked secrets, but a taunting message from a mischievous group of hackers known as OurMine. WikiLeaks founder Julian Assange explained on Twitter that the website was hacked via its DNS, or Domain Name System, apparently using a perennial technique known as DNS hijacking. DNS hijacking takes advantage of how the Domain Name System functions as the internet's phone book, or more accurately, a series of phone books that a browser checks, with each book telling a browser which book to look in next, until the final one reveals the location of the server that hosts the website that the user wants to visit. "It’s how people find you," says Raymond Pompon, a security researcher with F5 Networks who has written extensively about DNS and how hackers can maliciously exploit it. "If someone goes upstream and inserts false entries that pull people away from you, all the traffic to your website, your email, your services are going to get pointed to a false destination."
Pakistan-based hackers, going by the name Team Pak Cyber Attackers, allegedly hacked and defaced Google's Bangladesh domain with a message taunting the domain security measures implemented by the tech giant. The Google Bangladesh page displayed the "Pakistan Zindabad" (Long live Pakistan) slogan on 20 December, confusing some users as to whether they had logged on to the right domain. Several of them, on realising that hackers might have taken control of the domain, posted screenshots on Twitter. HackRead reports that the hacking group behind this takeover is generally known for breaching high-profile Indian government and law enforcement websites. This is the first time the group has targeted a Bangladesh domain. The latest takeover of the site is known as DNS hijacking or DNS redirection.