Last week, the Internet Corporation for Assigned Names and Numbers (ICANN) decided to call for the full deployment of Domain Name System Security Extensions (DNSSEC) on all insecure domain names. ICANN made this decision due to the increasing number of reports of malicious activity targeting the DNS infrastructure.
According to ICANN, there is an ongoing and significant risk to key elements of the Domain Name System (DNS) infrastructure. The DNS, which converts numeric Internet addresses into domain names, has been the victim of various attacks using different methodologies.
#I CAN says there is “a continuing and significant risk to the Internet” and urges the full deployment of DNSSEC. Read the announcement here >> https://t.co/XbNr89GjO6
— ICANN (@ICANN) February 22, 2019
Last month, security firm FireEye revealed that hackers associated with Iran were hijack DNS records, by redirecting users from a legitimate web address to a malicious server in order to steal passwords. This “DNSPionage” campaign targeted the governments of the United Arab Emirates and Lebanon. Homeland Security’s Cybersecurity Infrastructure Security Agency had warned that US agencies were also under attack. In his first emergency order in the middle of a government shutdown, the agency ordered federal agencies to take action against DNS tampering.
David Conrad, ICANN Chief Technology Officer Recount the AFP news agency that the pirates are “attack the internet infrastructure itself.”
ICANN urges domain owners to deployment of DNSSEC, which is a more secure version of DNS and difficult to manipulate. DNSSEC cryptographically signs data, making it harder to spoof. Some of the attacks target the DNS where addresses of intended servers are changed with addresses of machines controlled by the attackers. This type of attack that targets DNS only works when DNSSEC is not used.
ICANN also reaffirms its commitment to engage in collaborative efforts to ensure the security, stability, and resiliency of the Internet’s global identification systems.
This month, ICANN proposed a control List recommended security precautions for members of the domain name industry, registries, registrars, resellers, and other related parties to take proactive steps to protect their systems.
ICANN aims to ensure that Internet users reach their desired online destination by preventing “man-in-the-middle” attacks where a user is unknowingly redirected to a potentially malicious site.
Few users already have been the victim of a DNS hijacking and thinks this decision will not help them. An user commented on HackerNews, “It’s nonsense, and perhaps crossing the line between ignorant nonsense and malevolent nonsense.” Another user said, “There is actually very little evidence that we ‘need’ the authentication provided by DNSSEC.” Few others think it could work as a good solution. A comment bed, “DNSSEC is quite famous as a solution in search of a problem.”
To learn more about this news, see Official message from ICANN.
Internet Governance Project (IGP) Survey of IPV6 Adoption, Initial Reports
Root zone KSK (Key Sign Key) rollover to resolve DNS queries successfully completed
RedHat shares what to expect from next week’s first-ever DNSSEC root key rollover