
Sea Turtle Attacks Entire Country’s Domains

No, I don’t mean those cute little guys that waddle across the sand near the ocean.

A relative of the DNS hijacking attacks reported late last year and earlier this year, this campaign goes after large chunks of the Internet at once.  Cisco's Talos security group says a group it calls Sea Turtle carried out a long-running espionage campaign that compromised, among other targets, the registries and registrars behind some entire country-code top-level domains (ccTLDs), meaning EVERY domain registered under those TLDs was at risk.

Talos says that 40 different organizations were affected.  What is important to understand is that these 40 organizations were not the corner candy store or bakery.  Victims included telecom carriers, Internet service providers, domain registrars, government ministries, intelligence agencies and energy companies.  For now, these organizations were based in the Middle East and North Africa.  For now.

By compromising a top-level domain (TLD) registry, or a registrar that manages names under it, the attackers could alter the delegation of any domain registered in that country: point its name servers at servers they controlled, and every lookup for that domain, and the traffic that follows it, goes where the attackers choose.

Countries targeted included Albania, Armenia, Cyprus, Egypt, Iraq and Jordan, among others; Armenia's ccTLD (.am) was one of several TLDs whose registry was compromised.  Organizations that were compromised include Netnod, the Swedish Internet infrastructure operator, and Packet Clearing House, based in Berkeley.

Because the attackers controlled the victims' DNS answers, they could also pass the domain-validation checks that public certificate authorities rely on and obtain valid TLS (HTTPS) certificates for the hijacked names, so the impostor servers presented browsers with no warning at all.

Earlier this year FireEye and CrowdStrike reported on part of this activity, treating it as an extension of an earlier DNS hijacking campaign called DNSpionage.  Talos says it is a separate operation.

Unfortunately, this means that DNS hijacking attacks will likely grow.  Automated monitoring of DNS changes is one important protection, and it should include your delegation as seen at the parent TLD's servers, not just the records your own servers return.  Adding CAA records helps for CAs that honor them, with one caveat: a CA reads CAA through DNS, so if an attacker already controls your delegation, the attacker also controls the CAA policy the CA sees.  Registrar locks (and registry locks where the TLD offers them) address that gap directly by making the delegation itself hard to change.  At last check, GoDaddy's DNS hosting did not support CAA records.
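The monitoring and CAA points above, as an added example that is not code from the original alert or from Talos: it diffs a zone's live NS/A/CAA record sets against an approved baseline, treats a changed delegation as critical, and applies the RFC 8659 issuance rule to show why an attacker who serves the zone can simply omit CAA. The zone name, server names, addresses and the "other-ca.example" issuer are placeholders, and the record sets are constructed inline to stand in for `dig +short` output.

```python
"""Detect DNS delegation hijacks by diffing live records against a trusted baseline.

Added example for this alert, not code from the original post or from Talos.
Zone, name servers, addresses and CA names below are placeholders, and the record
sets are constructed to look like the output of `dig +short <name> <type>`.
"""
from dataclasses import dataclass

# One zone's records: {rrtype: set of rdata strings, as `dig +short` prints them}
ZoneRecords = dict[str, set[str]]


@dataclass(frozen=True)
class Finding:
    zone: str
    rrtype: str
    severity: str  # "critical" or "warning"
    detail: str


def parse_dig_short(output: str) -> set[str]:
    """Turn the stdout of `dig +short NAME RRTYPE` into a set of rdata strings."""
    return {line.strip() for line in output.splitlines() if line.strip()}


def caa_allows(caa_records: set[str], ca_domain: str) -> bool:
    """RFC 8659 issuance check for a non-wildcard certificate.

    An empty RRset means any CA may issue.  That is exactly what a CA sees when an
    attacker's name servers answer for the zone and leave CAA out, so CAA alone
    does not stop issuance once the delegation itself has been hijacked.
    """
    issuers = []
    for rr in caa_records:
        parts = rr.split(None, 2)  # flags, tag, quoted value
        if len(parts) == 3 and parts[1].lower() == "issue":
            # 'issue ";"' (empty issuer) forbids all CAs; parameters after ';' are ignored
            issuers.append(parts[2].strip('"').split(";", 1)[0].strip().lower())
    if not issuers:
        return True
    return ca_domain.lower() in issuers


def diff_zone(zone: str, baseline: ZoneRecords, current: ZoneRecords) -> list[Finding]:
    """Compare live record sets with the approved baseline.

    NS and DS changes are critical: a changed delegation means every record under
    the zone is now served by someone else, which is what a registrar- or
    registry-level hijack looks like from the outside.
    """
    findings = []
    for rrtype in sorted(set(baseline) | set(current)):
        want, have = baseline.get(rrtype, set()), current.get(rrtype, set())
        if want == have:
            continue
        severity = "critical" if rrtype in ("NS", "DS") else "warning"
        added = ", ".join(sorted(have - want)) or "-"
        removed = ", ".join(sorted(want - have)) or "-"
        findings.append(Finding(zone, rrtype, severity, f"added [{added}] removed [{removed}]"))
    return findings


def check_zones(baseline: dict[str, ZoneRecords], observed: dict[str, ZoneRecords]) -> list[Finding]:
    """Run the record diff plus a CAA policy check for every baselined zone."""
    findings = []
    probe = "other-ca.example"  # placeholder: an issuer the baseline policy does not authorize
    for zone, want in baseline.items():
        have = observed.get(zone, {})
        findings.extend(diff_zone(zone, want, have))
        if caa_allows(have.get("CAA", set()), probe) and not caa_allows(want.get("CAA", set()), probe):
            findings.append(Finding(zone, "CAA", "critical",
                                    "served CAA policy no longer restricts issuance; any CA would issue"))
    return findings


# Constructed baseline: the delegation, address and CAA policy the zone owner approved.
BASELINE: dict[str, ZoneRecords] = {
    "example.com.": {
        "NS": {"ns1.example-dns.net.", "ns2.example-dns.net."},
        "A": {"203.0.113.10"},
        "CAA": {'0 issue "letsencrypt.org"', '0 iodef "mailto:security@example.com"'},
    },
}

# Constructed snapshot of a registrar-level hijack: new name servers, new address, no CAA.
OBSERVED: dict[str, ZoneRecords] = {
    "example.com.": {
        "NS": {"ns1.attacker-dns.example.", "ns2.attacker-dns.example."},
        "A": {"198.51.100.77"},
        "CAA": set(),
    },
}

if __name__ == "__main__":
    for f in check_zones(BASELINE, OBSERVED):
        print(f"{f.severity.upper():8} {f.zone} {f.rrtype}: {f.detail}")
```

In real use, feed `parse_dig_short` the output of `dig +short example.com NS` and friends from a scheduled job, and take the NS set from the parent TLD's servers (`dig +norecurse @<tld-server> example.com NS`) as well as from a public resolver, since the registry delegation is what a registrar compromise changes.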

Unfortunately, DNS was not designed with security in mind, and until DNSSEC is pervasive enough that unsigned domains can simply be rejected (which is YEARS away), this will remain a cat-and-mouse game.  Even then, DNSSEC protects the answers, not the registrar account: an attacker who can log in as the registrant can often replace the DS record along with the name servers, which is why account and lock controls at the registrar still matter.  Source: Wired.