Presentation is loading. Please wait.

Presentation is loading. Please wait.

Registrars and Security Greg Rattray Chief Internet Security Advisor.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Registrars and Security Greg Rattray Chief Internet Security Advisor."— Presentation transcript:

1 Registrars and Security Greg Rattray Chief Internet Security Advisor

2 The Internet as an Ecosystem Built as experiment; now part of everyday life – Assumed benign, cooperative users Now involves a wide variety of systems, stakeholders, opportunities & risks – Governments, corporations, civil society, criminals Malicious actors now use Internet – Growing centers of gravity – economically, socially, militarily – Anonymity & ability to leverage 3 rd Parties for Bad Acts – Underground economy is developed

3 Bot Nets and Complexity of Attacks Bot Bot Code Routing Botnet Developer Bot Target(s) Bot Controller C2 Attacker Multiple purposes; Possibly no digital connection Who’s responsible? Who should be part of a cooperative mitigation and defense? Who should be in a investigation/legal enforcement? Actors Involved - Code Developers - Botnet Developer (t = X) - Bot Controller (t = Y) - Owners of assets ( C2 and bots) - DNS operators - ISPs - Target (s) (to include firewall, IDS, proxies, targeted network asset Attack the swamps, not the fever

4 Exploitation or misuse against domain registration services Major Hacking Attacks against domain registration accounts around April – DomainZ – 5 ccTLD operators Also victimized: Coca-Cola Fanta F-secure HSBC Microsoft Sony Xerox Also victimized: Coca-Cola Fanta F-secure HSBC Microsoft Sony Xerox

5 Targeted SQL injection to registration management server Take-over domain account Assign new nameservers Point A record to defacement

6 What do these incidents reveal? (from SAC040 study) All an attacker needs to gain control of an entire domain name portfolio is a user account and password – Guess, phish, or socially engineer a single point of contact – Attackers also scan registrar account login portals for web application vulnerabilities – Attacker can change contact and DNS information of ALL domains in the account Email may be only method registrar employs to notify a registrant of account activity – Attackers know this and block delivery to registrant by altering DNS configuration Recovery from DNS configuration abuse is slow

7 Recommendations (from SAC040 study) Registrars: offer more protection against registration exploitation or misuse – Complement existing measures to protect domain accounts with security measures identified in the SSAC report Registrars: make information describing measures to protect domain accounts more accessible to customers Registrars: consider a voluntary, independent security audit as a component of self-imposed security due diligence ICANN: consider whether a trusted security mark programs would improve registration services security

8 Avalanche (Information Source : APWG)

9 Avalanche the delivery method for the Zeus botnet infector The pattern seen with Avalanche involves targeting vary registrars/resellers, but also targeting a small number of other providers to test their suitability for future attacks Fast Flux Domain Hosting Attacking commercial banking platforms of over 40 financial institutions Registrars that harden themselves against abuse see sharp reductions in volume

10 Avalanche Response Successes InterDomain.es – Dozens of domains daily – Overwhelming complaint calls – Implement unique registration process New accounts get an SMS verification message – All abuse disappears overnight Attacks against.UK registrars – Nominet steps in to work with registrars on response – Gets times down to a few hours –.UK temporarily ceases to be hit by Avalanche (Information Source : APWG)

11 Situation awareness information sharing ICANN security team sent out situation awareness bulletins to DNS registration community Potential attack against ccTLD Registration Systems (Published 13 July 2009) – http://www.icann.org/en/security/sa-2009-0001.htm http://www.icann.org/en/security/sa-2009-0001.htm High volume criminal phishing attack known as Avalanche the delivery method for the Zeus botnet infector (Published 6 October 2009) – http://www.icann.org/en/security/sa-2009-0002.htm http://www.icann.org/en/security/sa-2009-0002.htm

12 ERSR Process – gTLD Registries Security incidents – ongoing issue for registries Genesis – Conficker Request process – contractual relief; online form ICANN response process (see flowchart) Public comment open thru 16 November – http://www.icann.org/en/public-comment/#ersr http://www.icann.org/en/public-comment/#ersr October 2009

13 DNS Collaborative Response Process Events that threaten systemic security, stability and resiliency of the DNS – Events and incidents where the DNS or registration services are exploited and/or misdirected on a large scale attacks where the name service or domain registration service is used to facilitate attacks, or where the DNS infrastructure or registrations services are the targets of malicious activity Security team contact point – security-ops@icann.org October 2009

14 Registrar Community and DNS Security Do we need an ERSR for registrars How can ICANN enhance security posture of registrars? – Info sharing? Best Practices? Training? – Sessions with registrar technical security people? – Do we need a DNS CERT?

Download ppt "Registrars and Security Greg Rattray Chief Internet Security Advisor."

Similar presentations

Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
ICANN SSAC, Cairo Nov 2008 Page 1 Summary of Fast Flux Dave Piscitello ICANN SSAC.

ICANN SSAC, Cairo Nov 2008 Page 1 Summary of Fast Flux Dave Piscitello ICANN SSAC.
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Protecting the irreplaceable | f-secure.com Internet threat monitoring and reporting service Idar Kvernevik Senior Researcher, Network Security Security.

Protecting the irreplaceable | f-secure.com Internet threat monitoring and reporting service Idar Kvernevik Senior Researcher, Network Security Security.
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.
Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology

Domain Name Registrant Data: The Privacy Questions Alan Davidson Center for Democracy and Technology
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.
Network security policy: best practices

Network security policy: best practices
Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.

Beyond DDoS: Case Studies on Attack Mitigation for Financial Services Mike Kun and Patrick Laverty, Akamai CSIRT.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.

Similar presentations

Ads by Google