The US Department of Homeland Security (DHS) today published an “emergency directive” containing guidance regarding a recent report detailing a wave of DNS hijacking incidents perpetrated out of Iran.
The emergency directive [1, 2] orders government agencies to audit DNS records for unauthorized edits, change passwords, and enable multi-factor authentication for all accounts through which DNS records can be managed.
The DHS documents also urge government IT personnel to monitor Certificate Transparency (CT) logs for newly issued TLS certificates for government domains that were not requested by government workers (a sign that a malicious actor has hijacked a government domain’s DNS records and is now requesting TLS certificates in its name).
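One way to run the Certificate Transparency check described above, as an added example that is not part of the original article or the DHS directive: it compares CT entries naming a watched domain against the organization's own issuance records and reports certificates nobody requested. The record fields, the `agency.example` domain, the issuer names and all serial numbers are constructed assumptions.

```python
# Constructed CT search results (sample data, not real certificates).
SAMPLE_CT_ENTRIES = [
    {"serial_number": "0A1B2C", "issuer_name": "O=Example Trust CA",
     "name_value": "www.agency.example\nagency.example", "not_before": "2019-01-02T00:00:00"},
    {"serial_number": "7f3e9d", "issuer_name": "O=Example Free CA",   # precertificate entry
     "name_value": "mail.agency.example", "not_before": "2019-01-10T00:00:00"},
    {"serial_number": "7f3e9d", "issuer_name": "O=Example Free CA",   # final certificate entry
     "name_value": "mail.agency.example", "not_before": "2019-01-10T00:00:00"},
    {"serial_number": "55aa01", "issuer_name": "O=Example Free CA",
     "name_value": "notagency.example", "not_before": "2019-01-12T00:00:00"},
    {"serial_number": "9c0d11", "issuer_name": "O=Example Free CA",
     "name_value": "*.agency.example\nother.example", "not_before": "2019-01-15T00:00:00"},
]
WATCHED_DOMAINS = {"agency.example"}
# Serial numbers taken from the organization's own certificate requests (constructed).
APPROVED_SERIALS = {"0a1b2c"}

def normalize(name):
    """Lower-case a DNS name and drop whitespace and any trailing root dot."""
    return name.strip().lower().rstrip(".")

def in_watched_zone(name, watched):
    """True if name is a watched domain or a subdomain of one (wildcards included)."""
    name = normalize(name)
    if name.startswith("*."):
        name = name[2:]
    # Match on a label boundary so "notagency.example" does not match "agency.example".
    return any(name == d or name.endswith("." + d) for d in watched)

def unrequested_certificates(entries, watched, approved_serials):
    """Return one finding per certificate that names a watched domain but is not in inventory."""
    approved = {s.lower() for s in approved_serials}
    findings = {}
    for entry in entries:
        serial = entry["serial_number"].lower()
        names = {normalize(n) for n in entry["name_value"].splitlines()
                 if in_watched_zone(n, watched)}
        if not names or serial in approved:
            continue
        # A precertificate and its final certificate share issuer and serial: report once.
        finding = findings.setdefault((entry["issuer_name"], serial), {
            "serial": serial, "issuer": entry["issuer_name"],
            "names": set(), "not_before": entry["not_before"]})
        finding["names"].update(names)
    return sorted(findings.values(), key=lambda f: f["not_before"])

if __name__ == "__main__":
    for f in unrequested_certificates(SAMPLE_CT_ENTRIES, WATCHED_DOMAINS, APPROVED_SERIALS):
        print(f["not_before"], f["serial"], f["issuer"], sorted(f["names"]))
```

Each finding is a lead to reconcile against change records: either the inventory is incomplete, or the certificate was issued to someone who controlled the domain's DNS at the time.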
Read more at ZDNet