"...having a plan prepared for network-wide password resets in the event of an attack."
I like that, but would it kick everybody out at the same time and make them log back in?
Internet domain registrars and at least one registry were hijacked to change certain websites' DNS settings so that visitors to said sites were in fact directed to password-stealing phishing pages, researchers detailed on Wednesday. It is believed this is the first time state-backed miscreants have compromised web domain …
If your DNS gets hijacked, there goes your email. Even if everything sensitive is encrypted, it's another obstacle in the way of communicating with your service providers to sort things out. Especially if they have a process - like password reset - that relies on email, and the staff have been trained that anyone asking to bypass an email step is trying a scam.
It'd be trivial. Compromise the DNS records, redirect to your web-servers, go and grab a "Let's Encrypt" certificate and boom, you now have a legitimate certificate for your scam with users none the wiser, unless they religiously check the issuer of the certificate and know who normally issues the certificates for that particular website.
Computer systems within a registry and registrar were infected by tricking employees into opening spear-phishing emails laden with malware from sometime around January 2017, and continuing through the first quarter of 2019.
Really? For two years? In not just registrars but *registries*! Gordon Bennett. We're all doomed.
Biting the hand that feeds IT © 1998–2019