With the outbreak of the pandemic, many companies rushed to implement digital technologies to keep their business running. Yet many of them missed an essential step: securing their digital assets against cyber attacks. With increasing numbers of people using the internet and accessing their business environment remotely, bad actors gain a larger field of operation and benefit significantly from a successful attack.
The domain name system (DNS) is one of the most critical components of internet infrastructure and, sadly, one of the most neglected. When a portion of the DNS is compromised or unavailable, users cannot reach the online resources and services that depend on it. That’s because the DNS acts as the address book for the internet, mapping between human-friendly domain names and Internet Protocol (IP) addresses (series of numbers). If elements of the DNS are tampered with, entire parts of the internet become unreliable or unreachable. It should therefore come as no surprise that DNS is a top target for cybercriminals.
Running a trustworthy ccTLD
As more people and businesses have been moving online, it has been our duty, as a ccTLD registry, to maintain stable and safe access to internet resources. As in any industry, domain name holders want to be sure that their personal information is adequately protected and that they are provided with top-notch services.
As security risks ramp up, TLD registries must implement thorough protection against security threats on two key aspects: databases of contacts and technical information related to registered domain names and the technical DNS infrastructure critical for public domain name resolution.
Over the last few years, certain security measures have been established to reduce vulnerability to known threats and respond to growing attacks. RNIDS and its registrar partners are now more secure, implementing stiff security protocols to prevent any incident involving the registry’s data and its operations. As a result, we haven’t experienced any registry breaches or operational difficulties, but this doesn’t mean there are no attempts. Like any system connected to the internet, we experience constant probing and attacks against our systems.
Is registry asset security enough to gain our users’ confidence?
One of the main threats faced by RNIDS is the compromise of registrants’ accounts used to update domain name information. That enables the attacker to execute unauthorised changes to domain name data by pointing a domain name toward a compromised online service instead of the appropriate content provided by the registrant. Accordingly, RNIDS has enabled three domain name lock mechanisms for registrants of Serbian national domains. By locking their domain names using an appropriate type of domain name protection, registrants allow only authorised persons to perform changes to the domain name.
Locking domain names, to some extent, prevents phishing and malware distributed via lookalike websites. Lookalike sites are regularly used to distribute malware or execute phishing schemes by replicating financial institutions or government portals in order to collect valuable personal information, drain bank accounts or steal identities.
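The lock mechanisms described above are, from a domain holder's point of view, visible as status codes on the domain record. The following added example (not RNIDS code) reads the status list from RDAP- or WHOIS-style records and reports which kinds of change are still unprotected. It assumes the registry exposes its locks as the standard EPP status codes from RFC 5731, or their RDAP spellings from RFC 8056; the three domain records are constructed for illustration.

```python
"""Report which change-blocking locks a domain carries, based on its status codes.

Added example, not RNIDS code. Assumes locks are exposed as EPP status codes
(RFC 5731) or their RDAP spellings (RFC 8056). Records below are constructed.
"""
import json

# Which status codes block which kind of change. "server*" locks can only be
# lifted by the registry; "client*" locks by the sponsoring registrar.
LOCK_STATUSES = {
    "update":   {"clientUpdateProhibited", "serverUpdateProhibited"},
    "transfer": {"clientTransferProhibited", "serverTransferProhibited"},
    "delete":   {"clientDeleteProhibited", "serverDeleteProhibited"},
}

# RDAP spells the same statuses in lower case with spaces (RFC 8056 mapping).
RDAP_TO_EPP = {
    "client update prohibited":   "clientUpdateProhibited",
    "server update prohibited":   "serverUpdateProhibited",
    "client transfer prohibited": "clientTransferProhibited",
    "server transfer prohibited": "serverTransferProhibited",
    "client delete prohibited":   "clientDeleteProhibited",
    "server delete prohibited":   "serverDeleteProhibited",
}

# Constructed RDAP-style records: a fully registry-locked domain, one with only
# a registrar-level transfer lock, and one with no locks at all.
SAMPLE_RECORDS = {
    "bank.example": {"ldhName": "bank.example", "status": [
        "active", "server update prohibited",
        "server transfer prohibited", "server delete prohibited"]},
    "shop.example": {"ldhName": "shop.example", "status": [
        "active", "clientTransferProhibited"]},
    "blog.example": {"ldhName": "blog.example", "status": ["active"]},
}


def normalize(statuses):
    """Map RDAP spellings onto EPP codes; pass EPP codes through unchanged."""
    return {RDAP_TO_EPP.get(s.strip().lower(), s.strip()) for s in statuses}


def lock_level(statuses):
    """Return {'update': 'server'|'client'|None, 'transfer': ..., 'delete': ...}."""
    present = normalize(statuses)
    report = {}
    for change, codes in LOCK_STATUSES.items():
        hits = codes & present
        if any(c.startswith("server") for c in hits):
            report[change] = "server"      # strongest: only the registry can lift it
        elif hits:
            report[change] = "client"      # registrar lock; weaker but still useful
        else:
            report[change] = None          # no protection against this change
    return report


def missing_locks(record):
    """Kinds of change (sorted) that nothing on the record prevents."""
    levels = lock_level(record.get("status", []))
    return sorted(change for change, level in levels.items() if level is None)


def audit(records):
    """Audit a mapping of name -> record, e.g. loaded from RDAP JSON."""
    return {name: missing_locks(rec) for name, rec in records.items()}


if __name__ == "__main__":
    for name, gaps in audit(SAMPLE_RECORDS).items():
        print(f"{name:14s} unprotected: {gaps or 'none'}")
    print(json.dumps(lock_level(SAMPLE_RECORDS["shop.example"]["status"]), indent=2))
```

A domain that serves a bank or a government portal should come out with an empty list; anything else means an account compromise at the registrar could still change, transfer or delete the name.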
Locking the domain name solves only part of the DNS security problem. The DNS, as originally designed, gives a client no way to verify where a response came from or whether it was altered in transit, which makes it vulnerable to the injection of invalid DNS information and the redirection of users to malicious content. This happens every day, all over the world. The estimate is that two-thirds of all cyber-attacks are related to the abuse of the DNS, whether for criminal acts or for censorship of content.
DNSSEC (DNS Security Extensions) is a technology that provides mechanisms for protection against the modification of DNS responses and the redirection of users to online locations that are potentially harmful. For several years, RNIDS has been enabling Serbian national domains to be DNSSEC signed, in order to protect internet users from becoming victims of cybercriminals. This DNS security extension can be used by all domain name holders, but is almost mandatory for financial institutions and companies that do business online.
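To make the two preceding paragraphs concrete, the added example below (not RNIDS code) builds DNS messages in RFC 1035 wire format by hand and runs the checks a resolver applies before trusting an answer: the transaction ID and question must match the outstanding query, and, once DNSSEC validation has succeeded, a validating resolver sets the AD (Authenticated Data) flag in the header. The messages and the 192.0.2.0/24 addresses are constructed; nothing is sent on the network.

```python
"""Resolver-side checks on a DNS response, and the DNSSEC AD flag.

Added example, not RNIDS code. Messages are constructed in RFC 1035 wire
format with no network access; addresses are from the documentation range.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode "rnids.rs." as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a name at `off`, following compression pointers. Returns (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", off + 1
        if n & 0xC0 == 0xC0:  # two-byte pointer to an earlier occurrence of the name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return (".".join(labels) + "." + tail) if labels else tail, off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n


def build_query(txid, qname, qtype=QTYPE_A):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD only
    return header + encode_name(qname) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, ip, ad=False):
    """Answer `query` with one A record; `ad=True` mimics a validating resolver."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8180 | (0x0020 if ad else 0)  # QR, RD, RA, optionally AD
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question_section = query[12:]
    rdata = bytes(int(octet) for octet in ip.split("."))
    # Answer name is a pointer (0xC00C) to the question name at offset 12.
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + rdata
    return header + question_section + answer


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "ad": bool(flags & 0x0020),
            "cd": bool(flags & 0x0010), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an}


def question(msg):
    name, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return name, qtype, qclass


def validate_response(query, response):
    """Reasons to discard `response` for `query`; an empty list means accept."""
    problems = []
    q, r = parse_header(query), parse_header(response)
    if not r["qr"]:
        problems.append("not a response")
    if r["id"] != q["id"]:
        problems.append("transaction ID mismatch")
    if question(query) != question(response):
        problems.append("question section mismatch")
    return problems


def authenticated(response):
    """True if the resolver marked the data as DNSSEC-validated (AD bit set)."""
    return parse_header(response)["ad"]


if __name__ == "__main__":
    q = build_query(0x1234, "rnids.rs.")
    good = build_response(q, "192.0.2.10", ad=True)
    stray = build_response(build_query(0x9999, "rnids.rs."), "192.0.2.66")
    print("matching response:", validate_response(q, good), "AD =", authenticated(good))
    print("stray response   :", validate_response(q, stray), "AD =", authenticated(stray))
```

Two caveats a practitioner will recognise: the 16-bit transaction ID is a weak check on its own, which is why resolvers also randomise the source port and accept a reply only on the port the query left from; and the AD flag is only meaningful when the path to the validating resolver is itself trusted (loopback, or an encrypted transport such as DNS over TLS), otherwise the client should set CD and validate the signatures itself.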
DNS infrastructure security
Attacks against DNS infrastructure have increased in frequency and intensity over recent years. The aggregated bandwidth of millions of compromised “zombie” devices in a botnet has proven disastrous, and even well-equipped targets cannot sustain that amount of traffic. The best practice of TLDs to mitigate large-scale DDoS attacks is to utilise multiple globally distributed DNS anycast providers. RNIDS has responded to the problem by implementing changes to network architecture and introducing rate limits on the number of consecutive queries. Our DNS infrastructure comprises a network of public DNS servers in several geographic locations on all continents.
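The rate limiting mentioned above is, in authoritative servers, usually implemented as response rate limiting (RRL): queries are counted per source network rather than per address, answers above the limit are withheld, and every n-th withheld answer is sent truncated so that a genuine client can retry over TCP while a flood of spoofed UDP queries gains nothing. The following added example (not RNIDS code, and not their actual configuration) runs that logic over a few constructed query log lines; the limit, window and slip values are illustrative.

```python
"""Per-source response rate limiting over DNS query log lines.

Added example, not RNIDS code. Mimics the idea behind RRL in authoritative
servers: clients are aggregated by network prefix, answers beyond the
per-window limit are withheld, and every `slip`-th withheld answer is sent
truncated so a real client can retry over TCP. Log lines are constructed.
"""
import collections
import ipaddress
from datetime import datetime

# Constructed log: "<ISO timestamp> <client ip> <qname> <qtype>" per query.
# 198.51.100.7 bursts; 203.0.113.9 sends two ordinary queries in between.
SAMPLE_LOG = """\
2024-03-01T10:00:00.000 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.050 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.100 203.0.113.9 www.rnids.rs A
2024-03-01T10:00:00.150 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.200 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.250 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.300 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.350 203.0.113.9 www.rnids.rs MX
2024-03-01T10:00:00.400 198.51.100.7 rnids.rs A
2024-03-01T10:00:00.450 198.51.100.7 rnids.rs A
2024-03-01T10:00:01.500 198.51.100.7 rnids.rs A
"""


def source_prefix(ip):
    """Aggregate clients by /24 (IPv4) or /64 (IPv6), as RRL implementations do."""
    addr = ipaddress.ip_address(ip)
    bits = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def parse_line(line):
    ts, client, qname, qtype = line.split()
    return datetime.fromisoformat(ts).timestamp(), client, qname, qtype


class RateLimiter:
    def __init__(self, limit=5, window=1.0, slip=2):
        self.limit, self.window, self.slip = limit, window, slip
        self.sent = collections.defaultdict(collections.deque)  # answer times per prefix
        self.withheld = collections.Counter()                   # withheld answers per prefix

    def decide(self, ts, client):
        """Return 'answer', 'drop' or 'truncate' for a query at time `ts`."""
        key = source_prefix(client)
        recent = self.sent[key]
        while recent and ts - recent[0] > self.window:  # slide the window forward
            recent.popleft()
        if len(recent) < self.limit:
            recent.append(ts)
            return "answer"
        self.withheld[key] += 1
        if self.withheld[key] % self.slip == 0:
            return "truncate"  # TC=1, empty answer: honest clients retry over TCP
        return "drop"          # silently discarded; costs the server nothing


def apply_rate_limit(lines, **kwargs):
    """Run the limiter over log lines; returns (client, qname, qtype, action) tuples."""
    limiter = RateLimiter(**kwargs)
    results = []
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, qtype = parse_line(line)
        results.append((client, qname, qtype, limiter.decide(ts, client)))
    return results


def summarize(results):
    return dict(collections.Counter(action for *_, action in results))


if __name__ == "__main__":
    for client, qname, qtype, action in apply_rate_limit(SAMPLE_LOG.splitlines()):
        print(f"{client:14s} {qname:14s} {qtype:3s} -> {action}")
    print(summarize(apply_rate_limit(SAMPLE_LOG.splitlines())))
```

In the sample, the bursting source gets its first five answers, then alternates between silence and a truncated reply until its window clears, while the other client is never affected. Counting per prefix rather than per address matters because a flood of spoofed sources would otherwise never trip a per-address counter.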
Trust is vital
A vital element of any TLD operator is trust in the reputation and ability of the registry to manage its namespace and enforce its policies. Where domain name registration is suspicious or engaged in illegal activity, RNIDS may audit the registration by triggering the Registrant Information Validation process via a registrar, thus ensuring that a registrant meets RNIDS registration policy requirements. If the registrant fails to verify that the information provided is correct, the domain name is suspended and cancelled, and no longer poses a threat to internet users.
RNIDS systems process more than 500 million DNS queries on a daily basis, and whenever someone wants to visit a website or send an e-mail under a .rs or .срб domain name, we ensure that they reach the right website or that the message is delivered to the intended mailbox.
RNIDS strives to contribute to a safer environment for all internet users in Serbia. We thus actively organise educational campaigns and professional meetings to share our knowledge on technical, legal and internet protection issues related to domain names, DNS infrastructure and other issues that fall under our area of expertise.
The terms “secure, stable and resilient” have always been associated with TLD operators. From day one, we have been working to maintain the security, stability and resiliency of the systems that support the .rs and .срб domain names. We keep pace with the technology and cyber security trends and ensure that our customers enjoy the benefits of utilising the Serbian domain namespace.
As a TLD operator, RNIDS constantly monitors its systems to detect incidents and mitigate risk. We are aware that new attack vectors and events are constantly popping up and require continuous attention and the implementation of adjustments and different approaches to adequately defend against changing circumstances.