The Patriot Files Forums  

01-27-2019, 12:41 PM
Boats
Senior Member

Join Date: Jul 2002
Location: Chicago, IL
Posts: 15,912
DHS orders ‘emergency directive’ to guard against hacks
By: Justin Lynch

The Department of Homeland Security said in a Jan. 22 emergency directive that multiple executive agency websites have been harmed by a hacking campaign, although it is not clear what exactly has been affected or which agencies are involved.

The attack involves targeting the Domain Name System, the department said, which is the backbone of the internet’s address system.

“Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve,” the department’s Computer Emergency Readiness Team said Jan. 10 in a post on DNS hijacking. “This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.”

Homeland Security ordered federal agencies to take four steps within 10 business days. That process included auditing DNS records, changing DNS account passwords, adding multi-factor authentication and monitoring certificate logs. It’s not clear how many employees will be affected by the change or if the changes can take place during a partial government shutdown.

The Washington Post reported that no intelligence or Defense Department networks have been affected, citing U.S. officials.

The emergency directive is one of the most significant public operations undertaken by the Cybersecurity and Infrastructure Security Agency since it was created in November, 2018.

In a previous update that detailed the DNS attack, Homeland Security referred to an analysis from the threat intelligence firm FireEye.

Then, FireEye said the DNS hacking campaign has “affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.”

FireEye said there was evidence Iran was behind the campaign, citing IP addresses.

The threat intelligence firm said it found no clear pattern in how the attackers gained access to the DNS files, but added that in some instances they used “sophisticated phishing attacks.”

“This type of attack is difficult to defend against, because valuable information can be stolen, even if an attacker is never able to get direct access to your organization’s network,” FireEye said. “This DNS hijacking, and the scale at which it has been exploited, showcases the continuing evolution in tactics from Iran-based actors.”

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.
