The United States Department of Homeland Security has issued an emergency directive in response to a serious, global campaign of domain name system (DNS) infrastructure tampering, believed to originate in Iran.
Earlier in January, security vendors Cisco Talos and Mandiant FireEye outlined a spate of DNS hijacks against multiple government, telecommunications and internet infrastructure organisations in Europe, North America and the Middle East/Africa.
Attackers have successfully redirected web and email traffic by altering DNS records, making them point to servers on addresses that they control.
They've been able to do so by capturing credentials for administrative accounts that can make changes to DNS records. FireEye and Talos said they have received reports that sophisticated phishing attacks were used to gain access for DNS record manipulation, as well as compromising a victim's domain registrar account.
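A defender-side check for the record tampering described above, as an added example that is not part of the original article: it compares a known-good baseline of a zone's records against what is currently observed and reports changes to the record types that steer web and email traffic. The zone data, names and addresses are constructed; in practice the observed set would come from live queries or the DNS provider's export.

```python
from collections import defaultdict

# Constructed sample data (documentation names and address ranges).
BASELINE = """\
example.org.      NS  ns1.example.org.
example.org.      NS  ns2.example.org.
example.org.      MX  10 mail.example.org.
www.example.org.  A   192.0.2.10
mail.example.org. A   192.0.2.25
"""
OBSERVED = """\
example.org.      NS  ns1.example.org.
example.org.      NS  ns2.example.org.
example.org.      MX  10 mail.example.org.
www.example.org.  A   192.0.2.10
mail.example.org. A   198.51.100.77
"""

# What a change to each record type can redirect.
IMPACT = {"A": "web or mail host address", "AAAA": "web or mail host address",
          "MX": "mail routing", "NS": "delegation of the whole zone"}


def parse(text):
    """Map (owner name, record type) -> set of record data, case-normalised."""
    records = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        name, rtype, rdata = line.split(None, 2)
        records[(name.lower(), rtype.upper())].add(" ".join(rdata.lower().split()))
    return records


def drift(baseline_text, observed_text):
    """Return findings for every record set that differs from the baseline."""
    base, seen = parse(baseline_text), parse(observed_text)
    findings = []
    for key in sorted(set(base) | set(seen)):
        added, removed = seen[key] - base[key], base[key] - seen[key]
        if added or removed:
            findings.append({"name": key[0], "type": key[1],
                             "added": sorted(added), "removed": sorted(removed),
                             "impact": IMPACT.get(key[1], "other")})
    return findings


if __name__ == "__main__":
    for f in drift(BASELINE, OBSERVED):
        print(f"{f['type']} {f['name']}: -{f['removed']} +{f['added']} ({f['impact']})")
```

Any finding is a prompt to confirm the change against an approved change record before trusting traffic to that name.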
Sourced from: itnews.com