DNS Hijacking: .UK Domain is Safe Says Nominet, Citing Layered Security

Nominet: "We use 2FA across our systems and Domain Lock for our registrars"

By CBR Staff Writer

Organisations using the .uk domain are safe from DNS hijacking attacks, Nominet – the business responsible for the domain’s DNS – said today, after Cisco Talos reported a series of attacks that effectively hijacked and rerouted the domains of entire countries.

Talos had flagged a “highly capable and brazen” attack by a hacker group it dubbed “Sea Turtle” against 40 different organisations that involved compromising a wide range of top-level country code domains; effectively intercepting the traffic of every domain in multiple countries. The group’s primary targets were national security organisations, ministries of foreign affairs, and prominent energy organisations, it said.

(By rerouting DNS traffic, an attacker can commit a ‘man-in-the-middle’ attack against a colossal range of targets using the targeted domain, decrypting the flow of information between internet users and the sites they think they are visiting.)

DNS Hijacking: UK is Safe, Says Nominet

Cath Goulding, Head of Cyber Security at Nominet said: “From a .UK perspective, Nominet has taken steps to ensure that the country’s top-level domain and DNS is secure from this sort of attack by applying a layered security approach. This includes two factor authentication (2FA) across our systems and Domain Lock for our registrars.

While 2FA helps verify authenticity, Domain Lock is a tool by which registrars can literally ‘lock’ domains so that no changes can be made without thorough authentication of the domain name owner via 2FA.”

She added: “For businesses that have their own DNS provisions, we would recommend checking your DNS settings manually to ensure they are still pointing to legitimate servers. The issue with this sort of attack is that it’s incredibly difficult to spot. We would recommend implementing stringent access protocols for your DNS settings, such as multi-factor authentication, as this additional layer of security makes it much harder for hackers to gain access to your systems.”
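One way to make that manual check repeatable, as an added example that is not from Nominet or the original article: compare the records a resolver currently returns against a known-good baseline and report any drift. The input is assumed to be `dig +noall +answer` output; every name and address below is constructed.

```python
# Added example: flag DNS records that no longer match a known-good baseline.
# All names and addresses are constructed (example.* names, RFC 5737 addresses).

# Baseline recorded at a time the zone was known to be correct.
BASELINE = {
    ("example.co.uk.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("www.example.co.uk.", "A"): {"192.0.2.10"},
    ("mail.example.co.uk.", "A"): {"192.0.2.25"},
}

# Constructed sample of current answers in `dig +noall +answer` format.
OBSERVED = """\
example.co.uk.       3600 IN NS NS1.example-dns.net.
example.co.uk.       3600 IN NS ns2.example-dns.net.
www.example.co.uk.   300  IN A  192.0.2.10
mail.example.co.uk.  60   IN A  198.51.100.77
"""

def parse_answers(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): {rdata, ...}}."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, dig comments (';') and anything not in answer format.
        if len(fields) < 5 or fields[0].startswith(";") or fields[2].upper() != "IN":
            continue
        name, rtype = fields[0].lower(), fields[3].upper()
        rdata = " ".join(fields[4:])
        if rtype in ("NS", "CNAME"):
            rdata = rdata.lower()  # host names compare case-insensitively
        records.setdefault((name, rtype), set()).add(rdata)
    return records

def find_drift(baseline, observed):
    """Return one finding per baseline record set that differs from what was observed."""
    findings = []
    for key in sorted(baseline):
        expected, seen = baseline[key], observed.get(key, set())
        if seen != expected:
            findings.append({
                "name": key[0],
                "type": key[1],
                "unexpected": sorted(seen - expected),  # values nobody approved
                "missing": sorted(expected - seen),     # approved values now gone
            })
    return findings

if __name__ == "__main__":
    for f in find_drift(BASELINE, parse_answers(OBSERVED)):
        print(f"{f['name']} {f['type']}: unexpected={f['unexpected']} missing={f['missing']}")
```

Running the same comparison against answers collected from more than one resolver, and against the delegation shown at the registrar, covers the case where only some paths return altered records.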

Public Sector: NCSC Offers Own DNS Service

For public sector organisations, the UK’s National Cyber Security Centre (NCSC) offers a protective DNS (PDNS) solution that it funds; this went live in 2017. Users simply need to change their current recursive DNS resolver to the NCSC PDNS server.

John Hultquist, Director of Intelligence at FireEye, noted in a response to yesterday’s Talos report: “FireEye is currently tracking several clusters of activity responsible for the manipulation of DNS records.”

Pointing to a recent FireEye blog that attributed some of this activity to Iranian actors, he added: “We suspect that other actors, and potentially other states, are behind additional unrelated intrusions involving DNS manipulation. We believe this activity included the use of stolen EPP credentials and is likely state sponsored. EPP is an underlying protocol used to manage the DNS system.

These incidents can be very difficult to detect because evidence of record changes and SSL certificates resides outside a traditional enterprise network and the security of these systems lies with a third party. We have observed this technique used by actors of many different skill levels to support espionage, crime, hacktivism and other motives, and we anticipate that more actors will adopt this technique in the near future. Additionally, though a great deal of the described by TALOS focuses on the Middle East and North Africa, there is no reason to assume DNS manipulation will remain limited to any region or vertical.”
