ICANN says there is an ongoing and significant risk to the internet
CYBERSECURITY is a key concern for most businesses, but imagine not being able to rely on your browser to take you to the right domain when you’ve entered.
Recently, the Internet Corporation for Assigned Names and Numbers (ICANN) called for an emergency meeting because it believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure.
The organization formed in 1998 was established with a mission to ensure a stable, secure, and unified global internet.
To reach a location on the internet, you need to type an address – a name or a number – into your device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world.
As a result of ongoing (and rapidly growing) reports of malicious activity targeting the DNS infrastructure, ICANN feels the threat levels have escalated.
Public reports indicate that there is a pattern of multifaceted attacks utilizing different methodologies. Some of the attacks target the DNS, in which unauthorized changes to the delegation structure of domain names are made, replacing the addresses of intended servers with addresses of machines controlled by the attackers.
This particular type of attack, which targets the DNS, only works when DNSSEC is not in use.
To mitigate the risk, the organization is calling for the full deployment of Domain Name System Security Extensions (DNSSEC) across all unsecured domain names.
DNSSEC is a technology developed to protect against such changes by digitally ‘signing’ data to assure its validity.
Although DNSSEC cannot solve all forms of attack against the DNS, when it is used, unauthorized modification to DNS information can be detected, and users are blocked from being misdirected.
As one of many entities engaged in the decentralized management of the Internet, ICANN is specifically responsible for coordinating the top-most level of the DNS to ensure its stable and secure operation and universal resolvability.
Thus, the organization also reaffirmed “its commitment to engage in collaborative efforts to ensure the security, stability, and resiliency of the Internet’s global identifier systems”.
Although the warning issued by ICANN is more global, the US Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS) also issued a similar warning recently — its first Emergency Directive.
The CISA provided some effective near-term mitigations (below) to protect systems in a risk-informed, straightforward, and high impact manner.
- Verify your DNS records to ensure they’re resolving as intended and not redirected elsewhere. This will help spot any active DNS hijacks.
- Update DNS account passwords. This will disrupt access to accounts an unauthorized actor might currently have.
- Add multi-factor authentication to the accounts that manage DNS records. This will also disrupt access, and harden accounts to prevent future attacks.
- Monitor Certificate Transparency logs for certificates issued that the agency did not request. This will help defenders notice if someone is attempting to impersonate them or spy on their users.
“While the Emergency Directive only applies to Federal civilian executive branch agencies that are not part of the Intelligence Community, the Directive includes common sense guidance and mitigation steps any organization can take to prevent DNS infrastructure tampering,” the CISA clarified.