Protecting the Domain Name System: The address book of the internet
By Nominet
The Domain Name System (DNS) is crucial to the functioning of the internet, but remains vulnerable to prevalent cyber threats like malware. GovInsider speaks with David Carroll, Managing Director of Nominet UK to find out how exactly governments can defend their DNS from such threats.
The Domain Name System is vital to the functioning of the internet, without which, users would have no way to navigate the complex web. But it too needs to be protected from the cyber threats roving online. Image: Canva
DNS helps to convert URLs into IP addresses, much like the way Google Maps helps us convert postal codes into location pins on a map. But while DNS plays a critical role in how the internet works, it can be vulnerable to the cyber threats roving the net.
DNS can, for example, be an avenue through which threat actors distribute and operate malware, says David Carroll, Managing Director of Nominet UK – the official registry of .UK domain names. When users access websites containing malware, machines and networks can easily become infected, leading to potentially disastrous consequences.
Carroll delves into what some of these consequences can be and explains how organisations can adopt a stronger defensive posture to protect the DNS.
1. Can you share some examples of cyber attacks and threats that have happened as a result of malicious connections? What were the consequences?
Malware is a common example of a malicious connection attack where DNS is leveraged. It can cause harm in many ways, including stealing, deleting or encrypting, and taking control of devices to attack other organisations. Ransomware is a type of malware where attackers will threaten to publish personal data or block access until a payment is made.
The WannaCry ransomware attack in 2017 was perhaps the most notable example of this. The impacts were felt globally, as the attack spread through computers operating on Microsoft Windows. Users’ files were held hostage, and cryptocurrency was demanded for their return. Globally, over 230,000 devices were hit by WannaCry. Among those affected were critical systems needed for the functioning of countries including the UK’s National Health Service, Spain’s Telefónica telecom service, and Russian banks.
2. How does Nominet Cyber’s Protective DNS solution help to defend against such threats?
Every connection between an organisation’s network and the world wide web is present in the DNS (Domain Name System) traffic. Nominet Cyber’s Protective DNS (PDNS) is designed to analyse each one of these DNS requests and block those deemed malicious. Simply put, we offer protection against malware, ransomware, phishing attacks, viruses, spyware at source and malicious sites.
The PDNS enables governments to perform early and comprehensive incident response by providing visibility across a nation’s most critical networks, boosting its cyber situational awareness.
3. How is Nominet Cyber’s PDNS different from other DNS resolver services?
With over 25 years of experience in the national DNS space, we’re well-acquainted with what it takes to support governments in their cyber defence.
Nominet Cyber is the only Protective DNS provider who delivers a top-down solution for national intelligence and law enforcement to benefit a central authority. We work exclusively with governments and international cyber security agencies, ensuring PDNS can support the challenges that governments, specifically, face.
Our PDNS centres around four pivotal services:
- Intelligence: Working with customers to understand what data to collect based on their individual requirements
- Hunting: Proactively looking for threats that aren’t already blocked to strengthen threat intelligence
- Operations: Supporting major events that require analysis, triage and communication
- Community: Sharing insights between PDNS customers to drive future intelligence
4. Can you share a case study or example of how Nominet Cyber’s PDNS has helped a government agency bolster their cybersecurity posture or defend against cyber threats?
Nominet Cyber delivers PDNS on behalf of the National Cyber Security Centre to protect the UK public sector. The delivery of PDNS forms a vital part of the UK’s Active Cyber Defence, designed to tackle cyber attacks to improve national resilience.
PDNS protects an estimated 6 million users, secures more than 900 organisations delivering government services, with the additional protection of a thousand organisations in the National Health Service and Health and Social Care Network.
In 2020, a malicious, unauthorised modification to an IT monitoring software known as SolarWinds Orion was identified. This software was used by about 33,000 customers across the public and private sectors and hacking it could have granted threat actors privileged access to IT systems across the world.
Amidst this attack, the PDNS dataset became a primary data source for the analysis of risk and response. It revealed key information about the attack so government agencies could take follow-up action including how many public bodies were affected, the extent of compromise, as well as the precise location of which systems and agencies were affected. This gave assurance to many core parts of the government who could rest easy knowing that their systems were not compromised.
Learn more about Nominet's Protective DNS solutions at GovWare! Catch them at Booth N21 to find out more.