How do DNS hijacking attacks extend beyond denial of service and defacement to rerouting your email system and secondary compromises? Mike Smith, APAC Security CTO for Akamai Technologies, will speak about this in his session at the RSA Conference Asia Pacific and Japan being held in Singapore.
"Something not talked about much is how, when a domain is hijacked, an attacker can set up email rerouting to channel all email traffic on that domain to their own servers," he says. "This compromise can then be extended to request a password reset from your service providers, which then get sent via email to the attacker's designated servers."
The attacker can thus take over a lot of infrastructure by simply resetting the password to critical services in this manner, he says. These and other insights presented in a paper, "DNS in the Crossfire: Two Years of Hijacks and Defacements," come from the work done by Akamai's customer security incident response team.
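The chain Smith describes (domain hijacked, MX records pointed at the attacker, password-reset emails intercepted) is one a defender can watch for by comparing the zone's NS and MX records against a stored baseline. The Python below is an added example, not code from this article or from Akamai; the domain names, record sets and the `allowed_mail_domains` set are constructed sample data so it runs offline, and in practice the "observed" snapshot would come from a resolver query rather than an inline dictionary.

```python
"""Baseline comparison for the DNS records that matter in a domain hijack.

Added example (not from the ISMG article or Akamai). Compares an observed set
of NS and MX records against a baseline and reports the changes that would
indicate email rerouting: a new or higher-priority MX host, an MX host outside
the mail providers we actually use, or name servers moved off the expected set.
"""
from dataclasses import dataclass


def _norm(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.strip().lower().rstrip(".")


@dataclass
class DnsSnapshot:
    ns: set[str]            # name-server hostnames
    mx: dict[str, int]      # mail host -> preference (lower is tried first)

    def normalized(self) -> "DnsSnapshot":
        return DnsSnapshot(
            ns={_norm(n) for n in self.ns},
            mx={_norm(h): p for h, p in self.mx.items()},
        )


@dataclass
class Finding:
    severity: str
    message: str


def compare_snapshots(baseline: DnsSnapshot, observed: DnsSnapshot,
                      allowed_mail_domains: set[str]) -> list[Finding]:
    base, obs = baseline.normalized(), observed.normalized()
    allowed = {_norm(d) for d in allowed_mail_domains}
    findings: list[Finding] = []

    # 1. Name-server change: the usual footprint of a registrar-account takeover.
    if obs.ns != base.ns:
        findings.append(Finding("critical",
                                f"NS set changed: {sorted(base.ns)} -> {sorted(obs.ns)}"))

    # 2. MX hosts added or removed.
    for host in sorted(obs.mx.keys() - base.mx.keys()):
        findings.append(Finding("critical", f"new MX host {host} pref {obs.mx[host]}"))
    for host in sorted(base.mx.keys() - obs.mx.keys()):
        findings.append(Finding("high", f"expected MX host {host} missing"))

    # 3. Primary MX change: the legitimate host can stay in place while a
    #    lower preference value diverts delivery elsewhere first.
    if base.mx and obs.mx:
        primary_base = sorted(h for h, p in base.mx.items() if p == min(base.mx.values()))
        primary_obs = sorted(h for h, p in obs.mx.items() if p == min(obs.mx.values()))
        if primary_base != primary_obs:
            findings.append(Finding("critical",
                                    f"primary MX changed: {primary_base} -> {primary_obs}"))

    # 4. Any MX host outside the mail-provider domains on the allow-list.
    for host in sorted(obs.mx):
        if not any(host == d or host.endswith("." + d) for d in allowed):
            findings.append(Finding("high", f"MX host {host} is outside allowed mail domains"))

    return findings


# Constructed sample data (hypothetical names, not from the article).
BASELINE = DnsSnapshot(ns={"ns1.example-dns.net", "ns2.example-dns.net"},
                       mx={"mail.example.com.": 10})
ALLOWED_MAIL_DOMAINS = {"example.com"}


def sample_clean() -> list[Finding]:
    """Same records, different case and trailing dots: must produce no findings."""
    observed = DnsSnapshot(ns={"NS1.example-dns.net.", "ns2.EXAMPLE-DNS.net"},
                           mx={"MAIL.example.com": 10})
    return compare_snapshots(BASELINE, observed, ALLOWED_MAIL_DOMAINS)


def sample_hijacked() -> list[Finding]:
    """Legitimate MX kept, a lower-preference attacker host added alongside it."""
    observed = DnsSnapshot(ns={"ns1.example-dns.net", "ns2.example-dns.net"},
                           mx={"mail.example.com": 10, "mx.attacker.example": 5})
    return compare_snapshots(BASELINE, observed, ALLOWED_MAIL_DOMAINS)


if __name__ == "__main__":
    for label, result in (("clean", sample_clean()), ("hijacked", sample_hijacked())):
        print(f"{label}: {len(result)} finding(s)")
        for f in result:
            print(f"  [{f.severity}] {f.message}")
```

The normalisation step matters in practice: resolvers and registrar portals differ in case and trailing-dot conventions, and a check that alerts on those differences gets ignored long before a real MX change arrives.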
"In the past two years, Akamai's CSIRT has spent more time on DNS hijacking and associated website defacements than any other type of attack," Smith says. "There are a lot of fundamental issues in the way DNS registrations are handled."
Smith's session, which covers some of the high-profile cases, is being presented on Friday, 24 July, in Orchid Room 4303 at the Marina Bay Sands hotel in Singapore.
In this exclusive interview with Information Security Media Group, Smith shares background on his session and some basic problems with DNS security. He offers insight on:
- Key findings from two years of CSIRT's research;
- Attack technique trends;
- Mitigation steps and counter-measures.
Smith is the CTO, security, for the APAC theater for Akamai Technologies. He was previously the director of Akamai's customer security incident response team for two years, where he was responsible for leading a team of Web security incident responders and researchers that study the tactics, techniques and procedures of attackers and apply that knowledge to help protect Akamai customers during events such as site defacements, data breaches and distributed denial-of-service attacks.