DHS has ordered federal agencies to update the security of their DNS, even as the government shutdown continues.
The move is in response to reports from FireEye and Talos that attackers have been compromising DNS and using that access to issue fraudulent TLS certificates.
During incident response engagements with Rendition Infosec customers, we have seen cases of DNS tampering. In most cases, these attacks were used to host exploit kits and spam landing pages. Use by APT groups to facilitate man-in-the-middle access or outright intellectual property theft would certainly be more concerning.
Jake Williams, Rendition Infosec founder, recorded this video to explain the significance of the order. The implications are the same whether you work in government or not. Honestly, you probably have more security concerns with DNS if you use a commercial registrar.
Of course, if you have more questions about cybersecurity monitoring or incident response, don’t hesitate to contact Rendition Infosec.