DHS Emergency Directive Looks to Block Iranian DNS Threat

January 23, 2019 / Phil Muncaster

The US Department of Homeland Security (DHS) has taken the unusual step of issuing an emergency directive demanding that government agencies take urgent action to protect DNS infrastructure, in response to a major attack campaign.

The Mitigating DNS Infrastructure Tampering directive was issued by the Cybersecurity and Infrastructure Security Agency (CISA) and details the modus operandi of recently reported Iranian activity designed to intercept and redirect web and mail traffic.

The attackers are said to obtain or compromise user credentials to make changes to DNS records, directing users to their own infrastructure for “manipulation or inspection” before sending them on to the legitimate service.

“Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization’s domain names,” the directive continued. “This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the cert...