One Article Review

Source ProofPoint
Identifier 8470148
Publication date 2024-03-25 06:00:56 (seen: 2024-03-25 13:09:07)
Title Dangling DNS: Spring Cleaning to Protect Against Impersonation Risk
Text It is well-established that email is the number one threat vector for cyberattacks. It's a go-to for many bad actors because they don't need to be highly skilled to initiate an email-based attack. Nor do they need to do elaborate work upfront. Their success hinges on their ability to be convincing.

Targets must believe that they are interacting with a trusted source if they're going to voluntarily hand over sensitive data, provide their authentication credentials, make a wire transfer or install malware. That's why a critical part of any company's security posture is using protocols and policies that reduce impersonation risk. And a major step in this direction is to enable and enforce email authentication methods across all your domains. These include:

Sender Policy Framework (SPF). This is a published authoritative list of approved sending IP addresses. It can help recipient email systems confirm that an email is coming from a legitimate source and is not impersonating a person or entity through spoofing.

DomainKeys Identified Mail (DKIM). This email authentication method stamps a digital signature to outgoing emails. It helps recipient email systems verify, with proper alignment, that the email was sent by the domain it claims to be from and that it hasn't been altered in transit.

Domain-based Message Authentication, Reporting, and Conformance (DMARC). This email authentication protocol builds on SPF and DKIM by allowing senders to set policies for handling emails that fail these authentication checks.

If you don't maintain your systems, bad actors can exploit out-of-date information and nullify your email authentication efforts. In this blog, we will highlight a key bad actor impersonation tactic to inspire you to regularly spring clean your records moving forward.

The tactic in focus: “dangling DNS”

Dangling DNS refers to a misconfiguration in your email-related domain name system (DNS) records. A reference domain or subdomain is left pointing to a domain that no longer exists or is not under the control of the original domain owner. The term “dangling” implies that the DNS entry is pointing to something that is hanging without proper support. In this case, it is a domain that has expired.

Bad actors have gotten wise to the fact that these expired domains create a crack in your defense that they can exploit.

The risk of subdomain takeover

If a subdomain is left pointing to an external service that the domain owner no longer controls, an attacker can register that domain to gain control of any DNS records that are pointed toward it. So, when they initiate their impersonation-based attack, they have the added benefit of passing email authentication!

Using SPF records with all your sending infrastructure listed, rather than hidden behind an SPF macro, also discloses sensitive data about your company's infrastructure. Attackers can use this data to plan and execute targeted attacks.

Actions you can take to reduce risk

To mitigate the risks associated with dangling DNS records, domain owners must review their email-related DNS configurations regularly. It is especially important when you decommission or change services. Here are some actions that can help you to reduce your risk exposure.

Regularly review and remove unused DNS records

You should promptly remove DNS records that point to deprecated or unused services:

SPF records. Review and minimize the entries that are posted within your SPF record. Review every “Include” and “Reference”, especially for third parties and expired domains, or if domains change owners. Access to SPF telemetry data can help simplify your investigations.

DKIM selector records. Review CNAMEd DKIM selector records that point to third parties for expired domains, or if domains change owners.

DMARC policy records. Review CNAMEd DMARC records that point to third parties for expired domains, or if domains change owners.

MX records. Review MX records for your domains to see if any old entries are still inc
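
An added example (not from the Proofpoint article) of the record review described above: it collects the hostnames referenced by SPF terms, CNAMEd DKIM and DMARC records, and MX records, then flags those whose registered domain is not in a known-live set. The zone data, the live-domain set and all function names are constructed for illustration; a real audit would replace the set with registration and resolution lookups.

```python
import re

# Constructed sample records for a fictional zone (not real DNS data).
SAMPLE_ZONE = {
    "example.test": [
        ("TXT", "v=spf1 ip4:192.0.2.10 include:_spf.mailvendor.test "
                "~include:old-crm.test a:relay.example.test/28 -all"),
        ("MX", "10 mx1.example.test."),
        ("MX", "20 mail.retired-host.test."),
    ],
    "s1._domainkey.example.test": [("CNAME", "s1.dkim.old-crm.test.")],
    "_dmarc.example.test": [("CNAME", "_dmarc.mailvendor.test.")],
}
# Constructed stand-in for "still registered and under a known owner".
LIVE_DOMAINS = {"example.test", "mailvendor.test"}

SPF_TERM = re.compile(r"^[+\-~?]?(include|a|mx|exists|redirect)[:=]([^\s/]+)", re.I)

def spf_targets(txt):
    """Return (mechanism, domain) pairs for every SPF term that names a domain."""
    if not txt.lower().startswith("v=spf1"):
        return []
    found = []
    for term in txt.split()[1:]:
        m = SPF_TERM.match(term)
        if m and "%{" not in m.group(2):  # macro targets cannot be checked statically
            found.append((m.group(1).lower(), m.group(2).rstrip(".").lower()))
    return found

def registered_domain(host):
    # Simplification: last two labels. Real audits need the Public Suffix List.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def references(zone):
    """Yield (owner, kind, target) for each email-related record naming a host."""
    for owner, records in zone.items():
        for rtype, value in records:
            if rtype == "TXT":
                for mech, dom in spf_targets(value):
                    yield owner, "SPF " + mech, dom
            elif rtype == "MX":
                yield owner, "MX", value.split()[-1].rstrip(".").lower()
            elif rtype == "CNAME":
                yield owner, "CNAME", value.rstrip(".").lower()

def find_dangling(zone, live_domains):
    """List references whose registered domain is not in the known-live set."""
    return sorted(r for r in references(zone)
                  if registered_domain(r[2]) not in live_domains)

if __name__ == "__main__":
    for owner, kind, target in find_dangling(SAMPLE_ZONE, LIVE_DOMAINS):
        print(f"{owner}: {kind} -> {target} (review or remove)")
```
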
Sent Yes
Tags Malware Threat Cloud
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to a previous one.