The internet’s address book keeper has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.
The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of “multifaceted attacks utilizing different methodologies.”
It follows similar warnings from security companies and the federal government in the wake of attacks believe to be orchestrated by nation state hackers.
In January, security company FireEye revealed that hackers likely associated with Iran were hijacking DNS records on a massive scale, by rerouting users from a legitimate web address to a malicious server to steal passwords. This so-called “DNSpionage” campaign, dubbed by Cisco’s Talos intelligence team, was targeting governments in Lebanon and the United Arab Emirates. Homeland Security’s newly founded Cybersecurity Infrastructure Security Agency later warned that U.S. agencies were also under attack. In its first emergency order amid a government shutdown, the agency ordered federal agencies to take action against DNS tampering.
ICANN’s chief technology officer David Conrad told the AFP news agency that the hackers are “going after the Internet infrastructure itself.”
The internet organization’s solution is calling on domain owners to deploy DNSSEC, a more secure version of DNS that’s more difficult to manipulate. DNSSEC cryptographically signs data to make it more difficult — though not impossible — to spoof.
But adoption has been glacial. Only three percent of the Fortune 1,000 are using DNSSEC, according to statistics by Cloudflare released in September. Internet companies like Cloudflare and Google have pushed for greater adoption by rolling out one-click enabling of DNSSEC to domain name owners.
DNSSEC adoption is currently at about 20 percent.