NY Times, Twitter DNS attacks highlight open-source vulnerabilities: Nominum

High-profile security hacks – such as the Melbourne IT-linked DNS redirection attack that took down websites of Twitter, the New York Times and others overnight – highlight the lingering inadequacies in open-source network infrastructure that will progressively push Internet service providers (ISPs) towards more-secure alternatives, a DNS security expert has warned.

Hackers targeted Melbourne IT domain-name systems, apparently stealing credentials from a reseller and using its account to make changes that caused numerous Web sites to be redirected to the Russia-based Web page of the Syrian Electronic Army (SEA).

The DNS records of the highest-profile sites to be affected were restored to correct settings within hours and locked by Melbourne IT, but the fact that the attacks happened at all reflects the lingering insecurities in existing DNS models, Nominum’s Asia-Pacific regional sales director Carl Braden told CSO Australia.

“We’ve seen this time and time again with open-source DNS,” he said. “The criminals are smart enough to use their tools to understand its limitations, and then do an exploit. There was a day in the early days of the Internet that you could buy an open-source router, but I think the DNS open-source days are limited.”

Earlier this year, for example, researchers identified a vulnerability in the popular BIND DNS server software that would allow hackers to crash DNS servers. Open DNS resolvers were fingered in a 2012 HostExploit report that found they were increasingly being used to amplify DDoS attacks.

In April, Russian Web search firm Yandex launched a public DNS service that blocks adult and malware-bearing Web sites. Google this year moved to boost the security of its public DNS service through the introduction of DNS Security Extensions (DNSSEC), which enable the digital signing of Web sites’ DNS records.

For its part, Nominum recently signed a deal with Sophos that will integrate Nominum’s DNS-security platform with Sophos’ URL-based content intelligence tools to improve filtering and avoidance of malicious Web addresses.

“It provides a broader and more comprehensive scope for leveraging the DNS platform,” Braden explained. “We’re able to provide a service that prevents customers going to sites known to be infected or hosting malware.”

Such functionality is going to become more and more common over time as security firms increasingly look outside of open-source structures, Braden said: “It’s a big step away from what we’ve seen in the past, but I think [such changes] are an acknowledgment that the open source model doesn’t allow the levels of investment that a commercial model allows to be invested in security and features.”

ISPs can also be expected to take a more proactive role in DNS security updates as they increasingly seek to lure and retain customers based on the idea of being a trusted service provider.

“ISPs are going to be competing with each other on the concept that is just emerging, which is trust,” Braden said. “If you don’t have trust in your network service provider, and feel like every time you’re online that you’re exposed, then your trust comes crumbling down and the good things built for the Internet become unusable.”


Stories by David Braue
