Core internet infrastructure under attack, ICANN warns
The Internet Corporation for Assigned Names and Numbers (ICANN) has declared that key parts of its infrastructure are under “ongoing and significant risk” from attackers, widely believed to be backed by states.
The group warned of the threat following an emergency meeting to discuss the attacks against key internet infrastructure. These attacks could date back as far as 2017, according to FireEye analyst Ben Read, but have prompted increasing concern in recent months amid mounting attacks.
According to ICANN, attackers have been targeting the Domain Name System (DNS), which translates domain names to IP addresses so web browsers can load web content, effectively routing traffic to its intended destination. The DNS is sometimes referred to as the “internet phone book”.
“They are going after the internet infrastructure itself,” ICANN CTO David Conrad told AFP. “There have been targeted attacks in the past, but nothing like this.”
These attacks could be used to intercept or redirect internet traffic, or to allow the hackers to ‘impersonate’ important websites, such as government websites.
Conrad added that there was no single tool that could be used to address the issue. Instead, ICANN is warning that an overall toughening of web defences is necessary. Specifically, it has called for the more widespread implementation of Domain Name System Security Extensions (DNSSEC), which protects the data provided by the DNS by adding cryptographic ‘digital signatures’ for authentication, making it easier to identify data that has been tampered with. DNSSEC also helps protect internet users from ‘man-in-the-middle’ attacks, in which users are unknowingly redirected to potentially malicious sites, ICANN said.
“Public reports indicate that there is a pattern of multifaceted attacks utilising different methodologies,” an ICANN statement said. “Some of the attacks target the DNS, in which unauthorised changes to the delegation structure of domain names are made, replacing the addresses of intended servers with addresses of machines controlled by the attackers.”
“This particular type of attack, which targets the DNS, only works when DNSSEC is not in use.”
DNSSEC adoption is currently at approximately 20 per cent.
In January, US government authorities issued a warning about attacks on the DNS thought to be orchestrated by state-backed hackers. US government agencies are believed to be among the targets of these attacks.
“[This sort of attack] is roughly equivalent to someone lying to the post office about your address, checking your mail, and then hand-delivering it to your mailbox,” the Department of Homeland Security said. “Lots of harmful things could be done to you (or the senders).”
According to FireEye’s Read, “DNSpionage” attackers have been targeting email names and passwords to steal account credentials on a massive scale, particularly those of website registrars and internet service providers in the Middle East and some parts of Europe: “There is evidence that it is coming out of Iran and being done in support of Iran,” he said. Targets include governments, intelligence services, law enforcement, cyber-security specialists, the oil industry and airlines.