The ongoing federal shutdown looks like a tantalizing distraction for hackers, based on the announcement this week of an emergency Department of Homeland Security directive for nearly all federal agencies. The directive mandates cybersecurity actions to counter a global Domain Name System infrastructure hijacking campaign.
Cybersecurity and Infrastructure Security Agency (CISA) director Christopher Krebs said in a letter that the agency is “aware of multiple executive branch agency domains that were impacted by the tampering campaigns and has notified the agencies that maintain them.”
The required action for agencies is to secure the login credentials for the accounts that manage their internet domain records. A compromised DNS server or registrar account could be used to redirect users to a malware-laced website. The requirements include adding multi-factor authentication, changing account passwords, auditing DNS records and monitoring certificate logs.
The partial federal shutdown could cause issues for agencies that are trying to comply with the order while short-staffed. It’s unclear how many furloughed employees might be required to return to work to implement the actions while working without pay.
CISA wants preliminary status reports by Friday, January 25, and a report on the completed actions by February 5.