In the world of cybersecurity, there’s a concept that is well known to most experts: man in the middle. This, generally speaking, is when an intruder places himself between two elements in order to deceive the user.
The expression is usually applied to DNS attacks. In this kind of attack, the cybercriminal tampers with a domain’s DNS in order to change the address to which it points. This kind of DNS attack can take users to a malicious website when they believe they are visiting a trustworthy one. This method can be used to harm users’ cybersecurity in many ways, but the most common is to steal passwords.
Security agencies on alert
This kind of incident is on the up. And it’s not just isolated incidents happening to one or two people; whole organizations and institutions are being affected. Towards the end of 2018, several cybersecurity companies became aware of something seriously troubling: a group of cybercriminals, most likely from Iran, were orchestrating a series of DNS attacks. These attacks were designed to breach the IT security of bodies such as the Lebanese and UAE governments.
And these aren’t the only examples: according to the Cybersecurity and Infrastructure Security Agency (CISA), several agencies in the United States have also been attacked with this method, putting them in a constant state of alert.
And this situation isn’t a passing trend. The Government of the United States, via the Department of Homeland Security, has acknowledged that it has detected “a pattern of multifaceted attacks that use different methodologies.” This includes DNS attacks where, by changing the digital signature, different websites are redirected to malicious portals.
The importance of DNSSEC
Given the current situation, the Internet Corporation for Assigned Names and Numbers (ICANN) has called on all large public and private organizations to reinforce their DNS security by using the Domain Name System Security Extensions (DNSSEC).
This protection system digitally signs data to assure its validity via verifiable chains of trust. It has been in development for around 20 years, and is one of the most effective measures when it comes to fighting this kind of cyberattack. However, its uptake in the business world and in public administrations is more limited; it is estimated that only around 20% of organizations use this system, while among Fortune 1000 companies this figure falls to just 3%.
This data is rather worrying if we bear in mind the fact that the consequences of an attack of this kind can be extremely serious. In cases where similar large-scale cyberattacks have been carried out, the repercussions were serious enough to cause grave crises for those who were affected. We need look no further than 2016, when Dyn suffered the largest DNS attack in recent history. As a result, tech giants such as Twitter, Tumblr, Spotify, The New York Times and CNN all became unavailable for a period of time. In 2017, the power supply in Ukraine was brought down by a similar attack. As we can see, it is not just a case of the Internet going down in people’s houses; incidents of this kind can bring down a huge range of digitalized services, many of which are essential in the day-to-day running of our companies. And even in the best-case scenario, companies that have been attacked in this way will face million-euro losses.
The implementation of DNSSEC and the kind of protection that it provides is therefore absolutely vital, especially for large organizations, be they public or private. The fact is that, as ICANN reminds us, having this kind of protection doesn’t guarantee 100% that a website won’t suffer any kind of attack. What it does guarantee, however, is that DNS attacks are impossible. As such, although there is never going to be total security against cybercriminal activity, the better protected corporate cybersecurity is, the harder it will be to break in. To this end, DNSSEC has become a vital layer of security in 2019.