2FA - Why

Many recent examples of account hijacking at DNS providers (January to April 2019)

This type of attack is difficult to defend against, because valuable information can be stolen, even if an attacker is never able to get direct access to your organization’s network.
1. Implement multi-factor authentication on your domain’s administration portal.
2. ...
(from the FireEye report below)

Statement on man-in-the-middle attack against Netnod

...a major global DNS provider based in Sweden. Netnod also operates one of the 13 “root” name servers, a critical resource that forms the very foundation of the global DNS system.
https://www.netnod.se/news/statement-on-man-in-the-middle-attack-against-netnod

Hackers breached Greece's top-level domain registrar

https://www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/

DNS Hijacking Abuses Trust In Core Internet Service

at least 40 different organizations across 13 different countries were compromised during this campaign
https://blogs.cisco.com/security/talos/dns-hijacking-abuses-trust-in-core-internet-service

Global DNS Hijacking Campaign: DNS Record Manipulation at Scale

https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Mitigate DNS Infrastructure Tampering

Within 10 business days, implement multi-factor authentication (MFA) for all accounts on systems that can make changes to your agency’s DNS records. If MFA cannot be enabled, provide CISA with the names of systems, why it cannot be enabled within the required timeline, and when it could be enabled.

(Emergency directive, Department of Homeland Security)

Stepping up to multi-factor authentication

Despite being widely available, uptake of multi-factor authentication has been slow and we need to change that. We talk about passwords a lot in the NCSC, but, it doesn't matter how 'good' your password is, it is not enough to secure access to valuable online services on its own.

https://www.ncsc.gov.uk/blog-post/stepping-multi-factor-authentication

Securing Office 365 with better configuration

In December last year we published an advisory detailing how to protect Office 365 accounts against the kind of credential stealing attacks that we had been seeing. We believe that anyone with an Office 365 account would benefit from acting on the security recommendations in this advisory. From small businesses through to large enterprises, implementing measures such as Multi-factor Authentication (MFA) should be a high priority.

https://www.ncsc.gov.uk/blog-post/securing-office-365-with-better-configuration

WebAuthn and security keys = unlocking the key to authentication

https://fidoalliance.org/web-authn-security-keys-unlocking-the-key-to-authentication/

Presentation by Google researchers

Protecting users from government-backed hacking and disinformation

From July to September 2019, we sent more than 12,000 warnings to users in 149 countries that they were targeted by government-backed attackers... Over 90 percent of these users were targeted via “credential phishing emails”... These are usually attempts to obtain the target’s password or other account credentials to hijack their account. We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys...
