ICANN warns that attackers are working to undermine the DNS infrastructure of the internet.
The Internet Corporation for Assigned Names and Numbers (ICANN) reports that key internet structures have been under attack for some months now. “Public records indicate that there is a pattern of multifaceted attacks utilizing different methodologies,” the group warned in an official statement. “Some of the attacks target the DNS, in which unauthorized changes to the delegation structure of domain names are made, replacing the addresses of intended servers with addresses of machines controlled by the attackers.”
The DNS is the Domain Name System, and it is essentially the internet phone book. It translates IP addresses into website names. It’s the system that allows the typical user to enter a domain’s name in the address bar instead of a litany of numbers. But a compromised DNS could wreak havoc on all internet traffic, as it would allow for man-in-the-middle attacks. These attacks hijack the internet traffic and send it to malicious IP addresses instead of the intended destination.
There is no one panacea that will stop the multifaceted attacks, but ICANN is calling for more implementation of the Domain Name System Security Extensions (DNSSEC). While DNSSEC adoption is still only at 20%, the security measure prevents man-in-the-middle attacks and includes a digital signature which reveals if the traffic had been compromised.
It’s unknown who the attackers are, but cybersecurity experts say they have evidence that the attacks are originating in Iran, and are being enacted on behalf of a nation state agenda.
“While really hard to perform, this kind of attack,” notes Luis Corrons, Avast security expert, “if successful, can easily compromise a huge number of people without them even realizing it.” As DNS experts work to mitigate the attacks, ICANN offers specific cybersecurity tips businesses can follow as precautionary measures.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.
In a new case that started this week, the U.S. Supreme Court is reviewing the 1986 Computer Fraud and Abuse Act (CFAA) to judge whether or not the law’s wording is too vague.
The hacker’s forum OGUsers has ironically been a tempting target for criminals, with a series of at least three successful hacking attempts in the past couple of years.