Why Protecting Email is More Than Using a Secure Password
Imagine that you are in your car and driving to work. Suddenly, there is an urgent call from your assistant telling you that your company’s website has been attacked by hackers. Visitors to your corporate site are not only seeing the messages and images posted by hackers, but screenshots of private emails sent to your company posted to Twitter for all the world to see. This is a situation that Lenovo sadly faced back in February of this year.
It was soon determined by the experts that Lenovo’s servers had not in fact been compromised. So how can a site be controlled by hackers without actually being hacked? The answer is by manipulating the Domain Name System (DNS) records. DNS records are handled by Domain Name Registrars; GoDaddy is one example. In Lenovo’s case, the registrar was Webnic.cc, based in Malaysia. As it turns out, the hackers responsible for the attack on Lenovo were able to gain access to Lenovo’s DNS records which then rerouted traffic to a server that the hackers controlled. In addition, changes to the MX settings, which define the location of the mail server, allowed the hackers to receive any email sent to Lenovo by customers, employees, etc.
DNS hijacking should be considered a growing threat which could befall any company large or small. It would be wise to take steps to insure that your DNS records are protected. Make sure your company’s Domain Name Registrar:
- Uses two-factor authentication
- Uses domain locking Implements
- DNS Security Extensions (DNSSEC)
As always, you should maintain best practices for the protection of your company’s servers. These elements include strong passwords and two-step verification. Whether you use Cloud IT Services or manage your own “in-house” IT infrastructure, companies with a proactive approach to data protection will always make a less attractive target for hackers – yet no company should consider themselves immune to the possibility.