\u201cUnprecedented Times\u201d is common nomenclature these days and used to justify radical and previously unthinkable societal changes on an almost daily basis. This has rocked our ability to feel secure and stable, resulting in feelings of great uncertainty that touches each one of us. Including every one of your employees and supplier\u2019s employees. Therefore, it is especially important that we think of Cybersecurity from a broader scope because areas of risk go far beyond the \u201cnetwork, hardware and software\u201d we have traditionally focused on.<\/p>\n
Currently, a significant portion of workers are dispersed, working remotely, and vulnerable to many confidence attacks through their social media personas. Their contact info is easily obtained, their position and employ publicly accessible, and the existence of many dark actors actively seeking to exploit weaknesses to access your guarded internal infrastructure through common human misjudgment. An employee\u2019s life instability makes them ever more vulnerable to these types of attacks, and instability is one of the main descriptors of this period of history that we are living through.<\/p>\n
In this post I will lay out some practical suggestions on how you can strengthen your internal defenses against the ever-growing frequency of these types of exploits. We will also highlight how Domainsure, our unique and secure DNS and Domain service, can quickly and cost effectively shore up many serious vulnerabilities other Domain Name Registrars and DNS providers are either too reticent or incapable of addressing.<\/p>\n
The Concerns<\/strong><\/p>\n There have been multiple documented cases of registrar customer service agents being manipulated into allowing malicious actors access to domain owner accounts on their platforms. One of the more recent and egregious examples covered by a Krebs On Security article is where multiple cryptocurrency trading platforms had their web and email traffic redirected without their knowledge. This was achieved \u00a0through scams perpetrated on Godaddy\u2019s unsuspecting support staff who did not have the tools and training to deflect them.<\/p>\n In November of this year, a \u201cSocial Engineering\u201d scam was perpetrated against several GoDaddy support staff using details divulged through their social media accounts combined with brand theft using typo or phishing domains. They were able to acquire the contact info, and ultimately the trust of those staff members where they unwittingly shared sensitive client credentials that the perpetrators leveraged to make changes to customer accounts without their knowledge or permission.<\/p>\n Both impacted crypto exchanges were able to fend off the attacks, but not before the perpetrators were able to acquire access to sensitive internal systems and data. This is the type of nightmare scenario that sysadmins lose sleep over and was completely avoidable if GoDaddy had the right systems and procedures in place.<\/p>\n Registrar Failings<\/strong><\/p>\n Most Registrars treat DNS and Domain Names as commodified digital goods, focusing on the reduction of overheads such as automated billing, automated cut-off, and low quality mostly automated support as a means to compete on price. They DO NOT actively manage your domains, and care less for establishing a relationship with your IT and Security staff. They do not monitor for problems which have the potential of completely shutting down your online presence, or worse allow bad actors to steal your assets or insert themselves between you and your customers.<\/p>\n How Domainsure Solves these problems<\/strong><\/p>\n Staving off these types of attacks requires a two-pronged approach. Actively monitoring \/ pre-empting nefarious actor\u2019s attempts at mimicking your brand and ensuring both you and your supplier\u2019s staff have the tools, processes, and training necessary to mitigate risk.<\/p>\n DomainSure by easyDNS is the service culmination of over 20 years experience in the field of internet naming and infrastructure. As one of the first pure-play managed DNS providers in existence, and our evolution as an ICANN accredited domain registrar, we\u2019ve seen every naming related failure condition possible and made it our business to develop processes, methodologies and tools to prevent them. Now, you can too.<\/p>\n The first step starts with reaching out to our expert team that will do an in-depth review of your Domain Names and DNS infrastructure. Once complete, we will move your Domains and associated DNS over to our top tier platform that includes the latest rock-solid security procedures and processes to ensure no bad actors have opportunity to gain access to your valuable digital assets.<\/p>\n We then continue monitoring for nefarious domain registrations using your brand\u2019s key terms and scan the Dark Web for references to ensure we are always ready to identify the first signs of an attack. All of this at a price point that will leave you and your budget with the peace and confidence to focus on what really matters, and that is the successful growth of your business.<\/p>\n