ICANN warns that attackers are working to undermine the DNS infrastructure of the internet.
The Internet Corporation for Assigned Names and Numbers (ICANN) reports that key internet structures have been under attack for some months now. “Public records indicate that there is a pattern of multifaceted attacks utilizing different methodologies,” the group warned in an official statement. “Some of the attacks target the DNS, in which unauthorized changes to the delegation structure of domain names are made, replacing the addresses of intended servers with addresses of machines controlled by the attackers.”
The DNS is the Domain Name System, and it is essentially the internet phone book. It translates IP addresses into website names. It’s the system that allows the typical user to enter a domain’s name in the address bar instead of a litany of numbers. But a compromised DNS could wreak havoc on all internet traffic, as it would allow for man-in-the-middle attacks. These attacks hijack the internet traffic and send it to malicious IP addresses instead of the intended destination.
There is no one panacea that will stop the multifaceted attacks, but ICANN is calling for more implementation of the Domain Name System Security Extensions (DNSSEC). While DNSSEC adoption is still only at 20%, the security measure prevents man-in-the-middle attacks and includes a digital signature which reveals if the traffic had been compromised.
It’s unknown who the attackers are, but cybersecurity experts say they have evidence that the attacks are originating in Iran, and are being enacted on behalf of a nation state agenda.
“While really hard to perform, this kind of attack,” notes Luis Corrons, Avast security expert, “if successful, can easily compromise a huge number of people without them even realizing it.” As DNS experts work to mitigate the attacks, ICANN offers specific cybersecurity tips businesses can follow as precautionary measures.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.
Learn more about products that protect your digital life at avast.com. And get all the latest news on today's cyberthreats and how to beat them at blog.avast.com.
Join Avast's Avast's Christopher Budd at the National Council on Aging's Age+Action Conference to learn how to protect elders from tech support scams.
Avaddon ransomware group targeted Asia-based insurer AXA with DDoS attacks and ransomware just a week after the insurance company announced it was dropping support for ransomware payments in France.