May 13, 2026

DNS Africa Resource Center

..sharing knowledge.

How to ensure DNS records don't become a security hazard – SC Media

Today’s columnist, Mark Flegg of CSC Digital Brand Services, offers four ways to ensure that DNS records don’t become a security hazard. (Stock Photo, Getty Images)
Over the last few years, there has been an increase in cyberattacks targeting vulnerable subdomains so that criminals can set up fraudulent web pages and emails used in phishing, malware, and ransomware schemes. This increase in subdomain hijacking has created the need for strengthened Domain Name System (DNS) security and the management of all DNS records.
Digital records accumulate over time, and administrators who are unaware of each domain’s history are hesitant to delete legacy records, fearing they are tied to critical infrastructure. This buildup of inactive DNS zone records that do not point to content is known as “dangling DNS,” and such records are at risk of subdomain hijacking, in which an attacker gains control of a legitimate subdomain that’s no longer in use to host their own fraudulent or malicious content.
Traditionally, domain security was an overlooked aspect in broader cybersecurity planning and budgeting, particularly because of confusion on who would own and manage it among marketing, IT, and cybersecurity departments. As a result, there are several challenges today for teams aiming to make improvements to the monitoring and security of their DNS landscapes.
Unlike physical business assets that take up physical space, the digital nature of DNS records makes these assets harder to keep track of. As businesses grow with new initiatives and campaigns, and employees come and go, their record bases only multiply. Eventually, most companies end up with 20-plus years of history within their DNS records holding information on owners, policies, vendors and more.

Administrators scanning DNS records usually are hesitant to delete any records they are unfamiliar with, for fear of accidentally deleting something necessary to the company’s critical infrastructure and operations. Though understandable, the issue with stockpiling DNS records is that the sheer number makes it difficult to ensure they are all accounted for when conducting proper housekeeping. Organizations therefore run the risk of leaving unresolving, dangling DNS records susceptible to subdomain hijacks, which can then allow phishing, malware, data theft, stolen credentials and financial loss.
Ultimately, security teams need to shift their mindset and treat domain security and DNS abuse as an ongoing risk management process instead of an infrequent checkup. Only then will companies have more complete cyber hygiene across their entire digital ecosystem.
Similar to other security and protection programs, implementing effective domain security and DNS management requires a defined strategy. Teams need to establish a consistent process for collecting and documenting DNS record activity as well as justifying how they are handled. Here are four ways to make DNS upkeep more efficient:
     Does the record point somewhere/resolve?
     What is the record’s function today, and who requested it?
     What’s the long-term value of the record if the company keeps it?
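
The first two questions can be checked mechanically against a zone export. The sketch below is an added example, not code from the article or from CSC: the zone lines, the owner inventory, and the injectable `resolves` callback are all constructed for illustration.

```python
import socket

# Constructed sample zone export (not from the article): name, TTL, class, type, target.
SAMPLE_ZONE = """\
www.example.com.      3600 IN CNAME web.example.com.
web.example.com.      3600 IN A     192.0.2.10
promo.example.com.    3600 IN CNAME oldcampaign.vendor-host.example.
shop.example.com.     3600 IN CNAME store.example.com.
legacy.example.com.   3600 IN A     192.0.2.99
"""

# Constructed inventory answering "who requested it?"; a missing entry means unknown.
SAMPLE_OWNERS = {"www.example.com.": "web-team", "web.example.com.": "web-team"}


def parse_zone(text):
    """Yield (name, rtype, target) for A/AAAA/CNAME lines; skip comments and blanks."""
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[3].upper() in ("A", "AAAA", "CNAME"):
            yield fields[0].lower(), fields[3].upper(), fields[4].lower()


def system_resolves(hostname):
    """Default live check: True if the local resolver returns any address."""
    try:
        return bool(socket.getaddrinfo(hostname.rstrip("."), None))
    except socket.gaierror:
        return False


def audit(zone_text, owners, resolves=system_resolves):
    """Classify each record as 'dangling' (CNAME target does not resolve),
    'unowned' (no requester on file), or 'ok'. Address records are only
    checked for ownership; whether the IP is still yours needs an asset list."""
    findings = {}
    for name, rtype, target in parse_zone(zone_text):
        if rtype == "CNAME" and not resolves(target):
            findings[name] = "dangling"
        elif owners.get(name) is None:
            findings[name] = "unowned"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for name, status in audit(SAMPLE_ZONE, SAMPLE_OWNERS).items():
        print(f"{status:9} {name}")
```

Records reported as `dangling` or `unowned` are the ones to take to the third question: whether keeping them has any long-term value.
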
With more organizations prioritizing internet-based communications along with customer engagements and interactions, it’s critical for companies to maximize the security of their DNS infrastructure to prevent security issues, disruptions and other threat actor activities that could cause harm to the brand and its reputation.
While attacks on vulnerable subdomains continue to rise, companies can no longer afford to overlook the state of their domain and DNS security. Executive and security teams need to consider a more proactive strategy for ongoing DNS maintenance and how they can incorporate this strategy as their business grows and new DNS records are created.
Mark Flegg, global director, security services, CSC Digital Brand Services
