“DNS security, key to Internet resilience?”
Pascal Steichen, CEO of SECURITYMADEIN.LU, was one of the panelists at the last FIC Breakfast, which took place online on 30 June 2021 and addressed the topic of “DNS security, key to Internet resilience?”.
The DNS (Domain Name System), the keystone of the Internet since it is at the heart of the network’s architecture, is a prime target for cyber attackers.
The Internet Corporation for Assigned Names and Numbers (ICANN) issued an alert in 2019 following a campaign of malicious activity targeting DNS infrastructures.
In addition, the particularly permissive DNS protocol also makes it a preferred attack vector. In both cases, the risk is not negligible since it affects the very functioning of the Internet.
Can we therefore fear a massive attack that could bring down the Internet? And what technical, human and organizational solutions can be found to secure the DNS and guarantee a safe, stable and resilient global Internet?
When asked the above-mentioned questions, Pascal Steichen highlighted the fact that the pandemic drove a rise in criminal activities that use DNS in 2020 and 2021. Since governments, medical structures and various organisations faced a critical need for communication, numerous websites and portals were created to address the different topics brought up by the pandemic. Hence, we have observed an ever-increasing number of websites with “covid” and/or “19” in their names. With the creation of these numerous and similar new domain names, the challenge lies in detecting and distinguishing legitimate websites from fraudulent ones. In fact, companies use their domain name as a brand: it is the name by which the external audience knows them. Most of the time, companies choose an easy-to-remember name so that their target audience can easily reach the website. Some criminals register names that are very similar to those of well-known brands, for example by using characters from a non-Latin alphabet to create combinations that are visually very similar to well-known domain names.
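A defender-side check for the lookalike registrations described above, as an added example that is not part of the original article. The domains, the protected-name list and the short confusables map are constructed for illustration; a production check would load the full Unicode confusables data (UTS #39).

```python
import unicodedata

# Constructed, deliberately small homoglyph map (assumption, not the full UTS #39 set).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a, e, o, p
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic c, x, y, i
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",                 # Greek omicron, alpha, nu
}

def script_of(ch):
    """Rough script name from the Unicode character name, e.g. 'LATIN' or 'CYRILLIC'."""
    if not ch.isalpha():
        return "COMMON"  # digits and hyphens belong to no particular script
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def to_unicode(label):
    """Decode an xn-- (punycode) label as seen in DNS logs; pass others through."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def skeleton(label):
    """Replace each known homoglyph with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)

def assess(domain, protected):
    """Return findings for one observed domain against a set of protected names."""
    findings = []
    labels = [to_unicode(part) for part in domain.rstrip(".").split(".")]
    for label in labels:
        scripts = {script_of(ch) for ch in label} - {"COMMON"}
        if len(scripts) > 1:
            findings.append(f"mixed-script label {label!r}: {sorted(scripts)}")
    name = ".".join(labels)
    skel = ".".join(skeleton(label) for label in labels)
    # Whole-script lookalikes pass the mixed-script test, so compare skeletons too.
    if skel in protected and name not in protected:
        findings.append(f"confusable with {skel}")
    return findings

if __name__ == "__main__":
    protected = {"example.com", "coco.example"}            # constructed brand list
    observed = ["example.com", "\u0435\u0445ample.com",    # constructed samples
                "\u0441\u043e\u0441\u043e.example"]
    for domain in observed:
        print(domain.encode("unicode_escape").decode(), "->", assess(domain, protected))
```

The skeleton comparison matters because a label written entirely in one non-Latin script is not mixed-script, yet can still render like a protected name.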
Criminals use DNS to strengthen their attacks.
Pascal Steichen also highlighted the fact that the risk of bringing down the Internet is almost zero, since both the criminals and we need it up and running. More than that, criminal activities (of any kind) tend to migrate even more towards the Internet infrastructure.
It is important to operate several infrastructures and to decentralize in order to avoid single points of failure.
Something that is often overlooked is the reputational damage that a DNS attack can cause. Companies and organisations need to protect their brand image as well as the technical side. A DNS security issue can have a long-term impact, affecting the brand image, with consequences for the business.
The marketing dimension must be taken into consideration.
Regarding the rigorous management that DNS requires, Luxembourg has set a specific rule allowing only a city or municipality to purchase the domain name bearing its name.
Pascal Steichen pointed out that DNS is always part of the various awareness campaigns run by the agency in Luxembourg, such as the phishing awareness campaigns (as protection against phishing attacks goes through DNS protection).
With the increasing development and use of IoT devices - new tiny computers requiring DNS - security is handled in a machine vs machine environment. Therefore, many security aspects need to be foreseen and planned in advance.
It is important for CERTs to have the right contact person for a domain name in order to respond to and resolve an incident efficiently.
A replay of this FIC Breakfast is available, watch it here.