The Department of Homeland Security has issued an emergency directive regarding the management of DNS records in response to what is believed to be aggressive hacking originating in Iran.
Malicious actors traced to that country have been aggressively targeting DNS management sites, obtaining user credentials and then editing DNS records so that unsuspecting web site visitors are sent to a malicious web site. Here is what takes place:
- Hackers gain access to the site that manages a company’s DNS records. These are the records that map human-readable names to IP addresses. For example, www.company.com corresponds to an IP address on the Internet where that web site lives. The hackers repoint www to another IP address, where they are hosting a malicious site that looks like the original. This allows the hackers to steal your identity or other information, depending on what details you enter into that site.
- Once the hackers have done their work, they revert the DNS record back to the original web site and move on. You may not even know this has taken place.
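Because the attackers put the record back when they are done, the only way to notice a repointed record is to compare the live answers against a known-good baseline often enough to catch the short window of the change. The following is an added example, not code from the original post or from the DHS directive; the hostnames and addresses are constructed placeholders, and a real deployment would use the names and addresses you actually own.

```python
import socket
from typing import Dict, List, Set

# Baseline of hostnames you manage and the IPv4 addresses they must resolve to.
# Constructed sample values (RFC 5737 documentation range), not a real deployment.
EXPECTED: Dict[str, Set[str]] = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "mail.example.com": {"192.0.2.25"},
}

def resolve_a_records(hostname: str) -> Set[str]:
    """Return the IPv4 addresses the local resolver answers for hostname.
    Needs network access; the comparison below is testable without it."""
    try:
        _, _, addrs = socket.gethostbyname_ex(hostname)
    except socket.gaierror:
        return set()  # NXDOMAIN or resolver failure: treated as no answer
    return set(addrs)

def check_records(expected: Dict[str, Set[str]],
                  observed: Dict[str, Set[str]]) -> List[str]:
    """Compare live answers to the baseline; return one alert per deviation.
    Any address outside the baseline is reported, since a hijack points the
    name at an attacker-controlled host rather than deleting the name."""
    alerts = []
    for host, want in expected.items():
        got = observed.get(host, set())
        if not got:
            alerts.append(f"{host}: no answer (outage or resolver failure)")
        elif got - want:
            alerts.append(f"{host}: resolves to unexpected "
                          f"{sorted(got - want)}; expected {sorted(want)}")
        elif want - got:
            alerts.append(f"{host}: missing expected {sorted(want - got)}")
    return alerts

def poll(expected: Dict[str, Set[str]] = EXPECTED) -> List[str]:
    """Resolve every baseline hostname live and run the comparison."""
    observed = {host: resolve_a_records(host) for host in expected}
    return check_records(expected, observed)

if __name__ == "__main__":
    # Run from cron every few minutes and ship alerts to your log pipeline;
    # a short-lived redirect is only caught if the polling window is short.
    for line in poll():
        print("ALERT", line)
```

Querying the same names through an external resolver as well as your own is worthwhile, since a change at the hosting provider shows up everywhere while a poisoned local cache does not.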
The DHS emergency directive recommends putting two-factor authentication (2FA) in front of the account through which you manage your DNS records. 2FA requires an additional step beyond entering your username and password to log in to the site. Most providers offer a few options, the most common being a text message with a one-time code that you need to enter, or an authenticator app such as Google Authenticator or Microsoft Authenticator, which generates time-based codes you enter to complete the login. Both apps are available in your app store.
As an example, GoDaddy is a very popular company that hosts DNS records for its customers. GoDaddy allows 2FA to be enabled on the login you use to manage DNS hosted with them. If you host there, you should enable it immediately, as it is the best defense against this threat. Other popular organizations that host DNS include Network Solutions, Rackspace, Web.com and more. You should enable 2FA wherever your DNS is hosted, and if the company you host with does not support 2FA, you should move your domain to a company that does.