“The Homeland Security Department should never have had to issue its first-ever “emergency directive” earlier this week on domain name security (DNS).”
“The Cybersecurity and Infrastructure Security Agency (CISA) directed agencies to take four steps over the next 10 days to protect against DNS tampering — what many experts termed a well-known and unsophisticated attack.”
“Chris Krebs, the director of CISA, said in a Jan. 24 blog post that “malicious actors obtained access to accounts that controlled DNS records and made them resolve to their own infrastructure before relaying it to the real address. Because they could control an organization’s DNS, they could obtain legitimate digital certificates and decrypt the data they intercepted – all while everything looked normal to users.” Read the full article here.
Source: DHS issues first emergency cyber directive due to what didn’t happen in 2009 – By Jason Miller, January 28, 2019. Federal News Network.