Organisations invest a lot of time, resources and money into ensuring the security of their back office systems but this can often be in vein if they fail to account for the external threats impacting their business. The security of your DNS provider is arguably one of the biggest examples of this, according to Oscar Arean, technical operations manager at Databarracks.
Recently, it was revealed that webhosting company Easily had emailed its customers to inform them that it had fallen victim to a malware attack. While it was quick to reassure customers that there was no evidence that account details, passwords or any personal information which could identify the customer had been accessed, Arean suggests it is imperative that organisations should have practices in place to protect themselves should this happen to their DNS provider:
Oscar commented “Most organisations depend on their DNS provider in some capacity, whether it be for SPF records, their website, online portals or their Exchange, however what often isn’t considered is how secure these providers actually are themselves and what the consequences would be for you should these providers suffer a cyber-attack.
“It is actually relatively easy for a hacker to disrupt your services if you depend on an external provider and their security measures aren’t up to scratch. The impact on your business could be disastrous. A hacker could potentially change, wipe or redirect your DNS, impacting your mail-flow, website, marketing or your service portals. You could even get locked out of the control panel you use to manage your DNS records if a hacker changes your password. A lot of DNS providers just use shared passwords with no Two Factor Authentication (2FA) to verify the user is legitimate. All it would take is for someone with the password to log on, redirect your IP to a malicious site, and then change your password so that you are locked out of the account and unable to resolve the issue.
“Unfortunately, a lot of organisations don’t have plans in place for dealing with such events, and it is crucial that action is taken. As a starting point, consider your supplier carefully. It is recommended to look for security features like 2FA. This is a two-part process, which usually includes a password and a separate code sent to a pre-verified device such as a mobile phone that is only accessible by the user. For the hacker this is difficult to break unless they have access to the pre-verified device.
“It’s imperative that accurate DNS records are kept. It can take up to 24 hours for DNS records to update, so a hacker could make changes and you might not even notice until the following day if you weren’t sufficiently tracking them. Accurate auditing allows you to see what the DNS record was before and what it has been changed to, so you can easily revert to your original settings if an unauthorised change has been reported. Most DNS providers log their changes but this isn’t always visible to the customer. It’s possible to issue a support request for your logs but this can often take time. There are some good alerting tools available to help your IT team, alerting you as soon as an authorised change occurs, but these are optional and do come at a cost.
Arean concludes: “Ultimately, there isn’t a failsafe way to protect your DNS – this is the responsibility of your provider. Work with a provider who can prove that they take security seriously to limit your risks and give you the peace of mind that your IT is in safe hands.”