Editor’s Note: This article was published in 2019 and has been updated for accuracy and comprehensiveness as of October 2020.
Domain Name System Security (DNS security) is important.
Even if you have an otherwise multi-layered defense, the tiniest cracks can bring down even the most security-hardened systems. These days, many system administrators and IT or cybersecurity professionals are laser-focusing on hardening individual endpoints. These professionals are also keeping current on vulnerabilities that need to be patched. Many of these professionals aren’t prepared for a new risk that has come to light and are vulnerable.
While those steps are necessary, they don’t hit everything. In 2017, Wired.com published a cautionary tale about how one Brazilian bank had been compromised, in a way you wouldn’t expect: weak DNS security. If an attacker can compromise the underlying system on which your email, web, apps, and services operate, the internal security of those systems goes out the window—useless. In the Brazilian banking attack, cybercriminals were able to hijack the bank’s email accounts. Because of this, they could then intercept communications related to wire transfers. They were then able to redirect nearly $27 billion in assets to accounts under their control.
This wasn’t the exploitation of a zero-day vulnerability or an unprecedented attack; this cyberattack used known weaknesses inherent to the way the internet fundamentally functions. I’m not here to say that the internet is going to crumble due to this fatal flaw. But, listen up: there are ways to avoid going the way of this Brazilian bank. Take the time to limit who has access to DNS records, make sure MFA is enabled correctly, and use proper access and auditing controls—always. Too often businesses leave their networks wide open to this. If companies don’t fix this flaw, hackers will have no problem breaching and taking over their networks.
If you have any questions about DNS security or whether or not your DNS is at risk, feel free to contact us at 763-593-3000.