Christopher Krebs Explains Rationale Behind CISA’s Directive on DNS Tampering Campaign

Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has explained the reason behind CISA’s move to release its first emergency directive about Domain Name System tampering activities.

Reports from FireEye and Cisco Talos revealed that malicious actors gained access to accounts that regulated DNS records and “made them resolve to their own infrastructure before relaying it to the real address,” Krebs wrote in a blog post published Thursday.

“Because they could control an organization’s DNS, they could obtain legitimate digital certificates and decrypt the data they intercepted – all while everything looked normal to users.”

Krebs, a 2019 Wash100 winner, noted that CISA’s directive is an urgent response to the risk posed by an active attacker that targets government organizations and compromises legitimate traffic to obtain data, cause delays or disrupt services.

“We know that this type of attack isn’t something many organizations monitor for or have tight controls around,” he said of the DNS hijacking campaign.
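The hijack Krebs describes (a changed DNS record that quietly points a name at attacker infrastructure) is the kind of drift an organization can catch with a routine record audit. The following is an added example, not code from the article or from CISA: it compares a set of observed DNS records against a baseline of expected records and flags any entry whose target falls outside the organization's own networks and hostnames. The domain `example.com`, the address ranges, the hostnames and the "observed" records are all constructed sample data; in practice the observed set would come from querying the authoritative and recursive resolvers, and the check would run on a schedule.

```python
"""Detect DNS record drift against a baseline of expected records.

Added example (not from the article or CISA). All records, networks and
hostnames below are constructed: 203.0.113.0/24 (TEST-NET-3) stands in for
the organization's own address space and 198.51.100.0/24 (TEST-NET-2) for
infrastructure it does not control.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Record:
    name: str
    rtype: str   # "A", "NS", "MX" or "CNAME"
    value: str   # IP address for A, hostname for the others


# Constructed: address space and hosts the organization controls.
OWNED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
OWNED_HOSTS = {"ns1.example.com", "ns2.example.com", "mail.example.com"}

# Constructed baseline: the records the zone is expected to contain.
BASELINE = {
    Record("www.example.com", "A", "203.0.113.10"),
    Record("example.com", "NS", "ns1.example.com"),
    Record("example.com", "NS", "ns2.example.com"),
    Record("example.com", "MX", "mail.example.com"),
}


def is_owned(record):
    """True if the record's target points at infrastructure we control."""
    if record.rtype == "A":
        try:
            ip = ipaddress.ip_address(record.value)
        except ValueError:
            return False
        return any(ip in net for net in OWNED_NETWORKS)
    if record.rtype in ("NS", "MX", "CNAME"):
        return record.value.rstrip(".").lower() in OWNED_HOSTS
    return False


def audit(observed, baseline=BASELINE):
    """Compare observed records to the baseline.

    Returns a dict with three sets: 'added' (observed but not in the
    baseline), 'removed' (in the baseline but no longer observed) and
    'foreign' (observed records whose target is outside owned infrastructure).
    """
    observed = set(observed)
    return {
        "added": observed - baseline,
        "removed": baseline - observed,
        "foreign": {r for r in observed if not is_owned(r)},
    }


def severity(findings):
    """'critical' if any record points outside owned infrastructure,
    'warning' if records changed but still point at owned hosts, else 'ok'."""
    if findings["foreign"]:
        return "critical"
    if findings["added"] or findings["removed"]:
        return "warning"
    return "ok"


# Constructed observation mimicking the tampering described in the article:
# the web host's A record and one NS record now resolve outside the
# organization's infrastructure while the other records look normal.
OBSERVED_HIJACKED = [
    Record("www.example.com", "A", "198.51.100.7"),
    Record("example.com", "NS", "ns1.example.com"),
    Record("example.com", "NS", "ns1.unexpected.example.net"),
    Record("example.com", "MX", "mail.example.com"),
]

if __name__ == "__main__":
    findings = audit(OBSERVED_HIJACKED)
    print("severity:", severity(findings))
    for kind in ("foreign", "added", "removed"):
        for r in sorted(findings[kind], key=lambda r: (r.name, r.rtype, r.value)):
            print(f"{kind}: {r.name} {r.rtype} {r.value}")
```

The "foreign" set is the one that matters most: a record can legitimately change (new mail host, renumbered web server) and still stay within owned infrastructure, so that is only a warning, whereas any target outside the allowlist is exactly the condition the article describes and deserves immediate attention. Pairing this with a check of certificate transparency logs for unexpected certificates on the organization's names covers the second half of the attack Krebs quotes.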
 
