National Cyber Awareness System:
01/24/2019 03:01 PM EST
Original release date: January 24, 2019

Summary
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.

See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below:

These files will be updated as information becomes available.

Technical Details
Using the following techniques, attackers have redirected and intercepted web and mail traffic, and could do so for other networked services.

Mitigations
NCCIC recommends the following best practices to help safeguard networks against this threat:

References
Revisions
This product is provided subject to this Notification and this Privacy & Use policy.
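
The Summary describes two observable events: a DNS record changed to resolve somewhere new, and a valid certificate obtained for the affected name. As an added example (not part of the NCCIC alert or its recommendations), the Python code below correlates the two from a defender's logs; the record baseline, the log formats, the 24-hour window, and all names and addresses are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the alert): example.org names, documentation-range IPs.
BASELINE = {  # approved values per (name, record type)
    ("www.example.org", "A"): {"192.0.2.10"},
    ("mail.example.org", "A"): {"192.0.2.25"},
    ("example.org", "NS"): {"ns1.example.org", "ns2.example.org"},
}
DNS_CHANGES = [  # (time, name, type, new value), e.g. from a DNS provider audit log
    ("2019-01-10T02:14:00", "mail.example.org", "A", "203.0.113.77"),
    ("2019-01-11T09:00:00", "www.example.org", "A", "192.0.2.10"),
    ("2019-01-12T23:40:00", "example.org", "NS", "ns1.hosting.example.net"),
]
CERT_ISSUANCES = [  # (time, subject name, issuer), e.g. from certificate transparency monitoring
    ("2019-01-10T02:51:00", "mail.example.org", "Example Free CA"),
    ("2019-01-05T12:00:00", "www.example.org", "Example Corp CA"),
]
WINDOW = timedelta(hours=24)  # assumed correlation window

def ts(value):
    return datetime.fromisoformat(value)

def unapproved_changes(changes, baseline):
    """Changes whose new value is not approved; records with no baseline are flagged too."""
    return [c for c in changes if c[3] not in baseline.get((c[1], c[2]), set())]

def covered(cert_name, changed_name, rtype):
    """An NS change affects every name in the zone; other types affect only that name."""
    if rtype == "NS":
        return cert_name == changed_name or cert_name.endswith("." + changed_name)
    return cert_name == changed_name

def correlate(changes, certs, baseline, window=WINDOW):
    """Pair each unapproved DNS change with certificates issued within the window after it."""
    findings = []
    for when, name, rtype, value in unapproved_changes(changes, baseline):
        hits = [(t, n, i) for t, n, i in certs
                if covered(n, name, rtype)
                and timedelta(0) <= ts(t) - ts(when) <= window]
        # A certificate issued right after an unapproved change is the pattern to escalate.
        severity = "high" if hits else "review"
        findings.append({"record": (name, rtype, value), "certs": hits, "severity": severity})
    return findings

if __name__ == "__main__":
    for f in correlate(DNS_CHANGES, CERT_ISSUANCES, BASELINE):
        print(f["severity"], f["record"], f["certs"])
```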