Not a week goes by where you do not find a major Cyber Security story in the media. TechCrunch is reporting, ICANN warns of “ongoing and significant” attacks against internet’s DNS infrastructure last month.
While awareness is key, it seems to have no effect on the rate of recurrence of data theft, hacking or cyber attacks.
Now the internet’s address book keeper the Internet Corporation for Assigned Names and Numbers, or ICANN has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.
ICANN issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of “multifaceted attacks utilizing different methodologies.”
It follows similar warnings from security companies and the federal government in the wake of attacks believe to be orchestrated by nation state hackers.
In January, security company FireEye revealed that hackers likely associated with Iran were hijacking DNS records on a massive scale, by rerouting users from a legitimate web address to a malicious server to steal passwords. This so-called “DNSpionage” campaign, dubbed by Cisco’s Talos intelligence team, was targeting governments in Lebanon and the United Arab Emirates. Homeland Security’s newly founded Cybersecurity Infrastructure Security Agency later warned that U.S. agencies were also under attack. In its first emergency order amid a government shutdown, the agency ordered federal agencies to take action against DNS tampering.
ICANN’s chief technology officer David Conrad told the AFP news agency that the hackers are “going after the Internet infrastructure itself.”
The internet organization’s solution is calling on domain owners to deploy DNSSEC, a more secure communication protocol.
In reality, I am starting to believe that more focus on cyber security is having a negative effect. We have become indifferent to breeches, and stories like these has made us helpless and lacking action.
If big businesses and even countries are not safe, how can an individual defend against a threat of this magnitude. Imagine if we were this compromising towards currency or even organizational assets.
In my understanding one of the reasons why Cyber Security is facing this challenge, is primarily due to lack of seriousness in organization’s day-to-day body language. We talk the talk but fail to walk it.
Due to recent events, I do think things are changing and we are heading towards a zero-tolerance and zero-comprise based approach. Where even the smallest or insignificant incident will bring about the most comprehensive of responses.
It is do able, it is not costly and it should be part of the enterprise architecture and DNA from day one.
I am a Cyber Security professional and a tech enthusiast. Feel free to reach out to me and to check the original story Click here