DNS Hijacking: The Iranian Cyber Security Threat That May Be Overlooked


By Vincent D’Angelo
Share this post

The Iran geopolitical crisis will have unseen consequences on businesses worldwide. Last weekend, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert highlighting some of these business risks. This was followed up by a hack of a U.S. government website, fdlp.gov, and continued attacks on other U.S. state agencies, like the Texas Department of Agriculture website.

It’s anticipated that cyber security will be compromised to purposefully impact vital infrastructure and business assets. Tactics may vary, but according to CISA’s latest alert, DNS hijacking, distributed denial of service (DDoS) attacks, and other cyber threats may be used by Iran to disrupt business activity and take control of vital internet assets, as it did in 2019.

In response to these events and because of continued lack of security controls to mitigate risk with an organization’s domain names, domain name systems (DNS), and digital certificates, CSC encourages its clients and corporations across the globe to adopt a defense in depth approach to securing vital domain names, DNS, and digital certificates.

Protections are not limited to assessing the security, controls, and processes of your domain name registrar and DNS management provider, such as implementing two-factor authentication, monitoring DNS activity, and using security measures like domain name registry locks, DNS security extensions (DNSSEC), domain-based message authentication, reporting, and conformance (DMARC), and redundancy on DNS hosting.

For immediate assistance on this developing situation, please contact your CSC representative to confirm access to CSC Security CenterSM. In addition, please refer to our latest best practices and resources on domain name, digital certificate, and DNS security—and request a complimentary domain security assessment for your business.

https://www.cscdigitalbrand.services/blog/cyber-security-risk-postures/