“Unprecedented Times” is common nomenclature these days, used to justify radical and previously unthinkable societal changes on an almost daily basis. This has shaken our ability to feel secure and stable, leaving feelings of great uncertainty that touch each one of us, including every one of your employees and your suppliers’ employees. It is therefore especially important that we think of cybersecurity in a broader scope, because the areas of risk go far beyond the “network, hardware and software” we have traditionally focused on.
Currently, a significant portion of workers are dispersed, working remotely, and vulnerable to many confidence attacks through their social media personas. Their contact information is easily obtained, their position and employer are publicly accessible, and many bad actors are actively seeking to exploit common human misjudgment to gain access to your guarded internal infrastructure. Instability in an employee’s life makes them ever more vulnerable to these types of attacks, and instability is one of the main descriptors of the period of history we are living through.
In this post I will lay out some practical suggestions on how you can strengthen your internal defenses against the ever-growing frequency of these types of exploits. I will also highlight how Domainsure, our unique and secure DNS and domain service, can quickly and cost-effectively shore up many serious vulnerabilities that other domain name registrars and DNS providers are either unwilling or unable to address.
There have been multiple documented cases of registrar customer service agents being manipulated into allowing malicious actors access to domain owner accounts on their platforms. One of the more recent and egregious examples, covered by a Krebs On Security article, is one where multiple cryptocurrency trading platforms had their web and email traffic redirected without their knowledge. This was achieved through scams perpetrated on GoDaddy’s unsuspecting support staff, who did not have the tools and training to deflect them.
In November of this year, a “social engineering” scam was perpetrated against several GoDaddy support staff, using details divulged through their social media accounts combined with brand theft via typo or phishing domains. The attackers were able to acquire the contact information, and ultimately the trust, of those staff members, who unwittingly shared sensitive client credentials that the perpetrators leveraged to make changes to customer accounts without the customers’ knowledge or permission.
Both impacted crypto exchanges were able to fend off the attacks, but not before the perpetrators had acquired access to sensitive internal systems and data. This is the type of nightmare scenario that sysadmins lose sleep over, and it would have been completely avoidable if GoDaddy had had the right systems and procedures in place.
Most registrars treat DNS and domain names as commodified digital goods, focusing on reducing overheads through automated billing, automated cut-off and low-quality, mostly automated support as a means to compete on price. They DO NOT actively manage your domains, and care little for establishing a relationship with your IT and security staff. They do not monitor for problems that could completely shut down your online presence or, worse, allow bad actors to steal your assets or insert themselves between you and your customers.
How Domainsure solves these problems
Staving off these types of attacks requires a two-pronged approach: actively monitoring for, and pre-empting, nefarious actors’ attempts to mimic your brand, and ensuring that both your own and your suppliers’ staff have the tools, processes and training necessary to mitigate the risk.
DomainSure by easyDNS is the culmination of over 20 years’ experience in the field of internet naming and infrastructure. As one of the first pure-play managed DNS providers in existence, and through our evolution into an ICANN-accredited domain registrar, we’ve seen every naming-related failure condition possible and made it our business to develop the processes, methodologies and tools to prevent them. Now, you can too.
The first step is reaching out to our expert team, who will do an in-depth review of your domain names and DNS infrastructure. Once that is complete, we will move your domains and associated DNS over to our top-tier platform, which includes the latest rock-solid security procedures and processes to ensure no bad actor has the opportunity to gain access to your valuable digital assets.
We then continue monitoring for nefarious domain registrations using your brand’s key terms, and scan the dark web for references, so that we are always ready to identify the first signs of an attack. All of this comes at a price point that will leave you and your budget with the peace and confidence to focus on what really matters: the successful growth of your business.
What you can do in-house
As documented in the joint cybersecurity advisory published by the FBI and CISA, there are a number of measures they advise you to implement to significantly reduce the likelihood of these types of attacks succeeding against your staff.
Domainsure employs these measures in-house, so you can rest assured that we practice what we preach in order to maintain our position as the world’s most security-focused registrar. Our experts are ready and willing to provide recommendations and advice, so you are not implementing this process alone.
- Restrict VPN connections to managed devices only, using mechanisms like hardware checks or installed certificates, so user input alone is not enough to access the corporate VPN.
- Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.
- Employ domain monitoring to track the creation of, or changes to, corporate, brand-name domains.
- Actively scan and monitor web applications for unauthorized access, modification, and anomalous activities.
- Employ the principle of least privilege and implement software restriction policies or other controls; monitor authorized user accesses and usage.
- Consider using a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to authenticate the phone call before sensitive information can be discussed.
- Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts.
- Verify web links do not have misspellings or contain the wrong domain.
- Bookmark the correct corporate VPN URL and do not visit alternative URLs on the sole basis of an inbound phone call.
- Be suspicious of unsolicited phone calls, visits, or email messages from unknown individuals claiming to be from a legitimate organization. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information. If possible, try to verify the caller’s identity directly with the company.
- If you receive a vishing call, document the phone number of the caller as well as the domain that the actor tried to send you to and relay this information to law enforcement.
- Limit the amount of personal information you post on social networking sites. The internet is a public resource; only post information you are comfortable with anyone seeing.
- Evaluate your settings: sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.
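Several of the items above (domain monitoring for brand-name look-alikes, verifying that links do not carry misspellings or the wrong domain, and sticking to the bookmarked VPN URL rather than one supplied over the phone) can be partly automated. The script below is an added example written for this post; it is not easyDNS or Domainsure code and not part of the FBI/CISA advisory. It assumes a constructed allowlist of corporate domains (`example-corp.com`, `example-corp.net`) and brand terms, and it classifies each link in a message as trusted, suspicious, lookalike, unknown or invalid, catching the common tricks: a brand name buried in a subdomain of an attacker's host, character substitutions such as `1` for `l` or `rn` for `m`, punycode labels, and userinfo before `@` that disguises the real host.

```python
"""Classify inbound links against an allowlist of corporate domains and flag
look-alike hosts.  Added example; CORPORATE_DOMAINS and BRAND_TERMS are
constructed assumptions, not easyDNS/Domainsure data."""
import re
from urllib.parse import urlsplit

# Constructed allowlist: the registrable domains the organisation actually owns.
CORPORATE_DOMAINS = {"example-corp.com", "example-corp.net"}
# Constructed brand terms to watch for inside third-party hosts.
BRAND_TERMS = ("example-corp", "examplecorp")
# Character substitutions commonly seen in typosquat names (multi-char pairs first).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def registrable_domain(host: str) -> str:
    """Last two labels of a host: 'vpn.example-corp.com' -> 'example-corp.com'.
    Simplification: a production checker should consult the Public Suffix List
    so that names under suffixes such as 'co.uk' are handled correctly."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalise(label: str) -> str:
    """Undo common look-alike substitutions so 'exarnple' compares as 'example'."""
    for bad, good in CONFUSABLES:
        label = label.replace(bad, good)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a name one typo away from a brand term is treated as a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> dict:
    """Return a verdict for one URL: trusted, suspicious, lookalike, unknown or invalid."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return {"verdict": "invalid", "host": host, "registrable": "", "reasons": ["URL has no host"]}
    reasons = []
    # 'https://example-corp.com@evil.example/' really points at evil.example.
    if parts.username is not None:
        reasons.append("userinfo before '@' disguises the real host")
    reg = registrable_domain(host)
    if reg in CORPORATE_DOMAINS:
        verdict = "trusted" if not reasons else "suspicious"
        return {"verdict": verdict, "host": host, "registrable": reg, "reasons": reasons}
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (IDN) label, check for homoglyphs")
    lookalike = False
    second_level = normalise(reg.split(".")[0])
    for term in BRAND_TERMS:
        if term in host:
            reasons.append(f"brand term '{term}' inside a non-corporate host")
            lookalike = True
            break
        if levenshtein(second_level, term) <= 1:
            reasons.append(f"'{reg}' is within one edit of brand term '{term}'")
            lookalike = True
            break
    verdict = "lookalike" if lookalike else ("suspicious" if reasons else "unknown")
    return {"verdict": verdict, "host": host, "registrable": reg, "reasons": reasons}


def scan_message(text: str) -> list:
    """Classify every http(s) link found in a message body."""
    return [classify_link(u) for u in URL_RE.findall(text)]


# Constructed sample message in the style of a vishing follow-up e-mail.
SAMPLE_MESSAGE = """Hi, as discussed on the phone please re-authenticate at
https://vpn.examp1e-corp.com/login before 5pm. If that fails use
https://example-corp.com.evil.example/vpn or the usual https://vpn.example-corp.com/."""

if __name__ == "__main__":
    for result in scan_message(SAMPLE_MESSAGE):
        print(f"{result['verdict']:10} {result['host']:40} {'; '.join(result['reasons'])}")
```

Run as a script it prints one line per link in the constructed message, marking the first two as look-alikes and only the bookmarked VPN host as trusted. The same `classify_link` routine can be pointed at newly registered domain names from a zone feed to implement the "domain monitoring" item, since a registration whose second-level label normalises to within one edit of a brand term is exactly what that monitoring is meant to surface.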
If you would like to commission an in-depth portfolio audit or learn more about our services, please contact one of our sales team who will be happy to help.