U.S. Government Websites Hijacked, How Secure Are Your Systems?
The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is tracking a series of DNS Hijacking events which have re-directed traffic away from their websites and to sites run by the hackers.
Due to the nature of the attack visitors to the website believe they are accessing the actual site as it looks and behaves just like the real site. The website is event verified as a secure site in the web browser.
Because the hacker has secured the fake site with a valid security certificate they can also see all the data people submit to the site.
How Did It Happen
Without getting into all the specifics details of how it happened, the attackers compromised the usernames and passwords of users accounts that have access to change the DNS records.
Attackers were then able to redirect the traffic to their sites as
The attackers were then able to have digital certificates issued to “secure” the now compromised website and give themselves access to anything that was sent to the site.
Could It Be Prevented
Yes and No, hackers are always finding new ways to gain access to systems they are not supposed to have access to, but there are measures that can be implemented to make it harder to perform these sorts of attacks.
Below are some of the recommendations (both from the U.S. Department of Homeland Security and Hawkins IT Solutions) than can help to keep you secure.
- Regular password changes for critical accounts. Any password can become compromised at any time, regular changes reduce the amount of time this password can be used for.
- Multi-Factor Authentication, A username
andfresh password are a good start but Multi-Factor Authentication (MFA) adds another layer, even if an attacker gets into the account MFA requires another password to be entered before they can get into the account. This password changes every 60 seconds making it virtually impossible to guess.
- Different Passwords for different accounts, If you use the same username and password for multiple accounts an attacker can access all of those accounts with the same details. A different password for each account will help prevent multiple accounts from being compromised.
- Audit your systems, An audit might seem like a lot of work but it doesn’t have to be. Proper record keeping goes a long way to simplifying the process. If you know what your DNS records are supposed to be you can easily double check them and make sure they have not changed. Other systems can benefit from the same principals.
- Change service providers, Don’t be afraid to change service providers, it is better to spend a little time and money moving to a more secure service than sticking with the one you know just because that’s how you have always done it.
How much trust would you have in a company that compromised your personal information and would you expect your customers to trust you after a breach?