By the DynaSis Team
The weekend before we posted this article, news broke that Google’s DNS server had been hacked. The DNS (domain name system) is a system that assigns and keeps track of the Internet addresses for every Internet-connected resource. A DNS server uses this information to translate the domain names we associate with websites into their numerical equivalent (called IP addresses) to allow Internet users to reach their destinations.
For 22 minutes on Saturday, March 15, Google’s DNS server was under the control of hackers, who had the ability to redirect traffic to any domain they chose. In this case, millions of users who used Google were redirected to British Telecommunications’ Latin American division in Venezuela and Brazil―but their connection could also have been routed through any other Internet server along the way, exposing their connections and information, en route.
This news comes at the same time the media are announcing that Target ignored advice from its cybersecurity firm before its historic holiday 2013 data breach, and shortly after Bitcoin exchange MtGox filed for bankruptcy, saying it had lost some 8.5 million Bitcoins to hackers. (Bitcoins are a form of currency used for various online transactions―users deposit real money into these exchanges to keep Bitcoins readily available in their accounts for later use. All of them may have lost their investments.)
These stories once again underscore the vulnerability of even the largest merchants, Internet providers and financial institutions. In the case of Target, the news also reinforces the notion that companies can be culpable in the event of bad decision making―possibly leaving them deeply liable for their negligence when security breaches occur.
For this reason, DynaSis urges all its blog readers―customers and others―to have security assessments done and to ensure their networks are as robustly defended as possible. Furthermore, based on the recent spate of news, we encourage companies not to consider large entities or their Internet sites and services to be “safe.” As this news illustrates, any company whose personnel used the corporate network to access Google for searches or Target to purchase office items could potentially have put company IT assets at risk. Stout security defenses may be able to prevent such redirection, and, if not, they can certainly prevent attackers from accessing company information during the redirects.
We also remind our customers to upgrade all their Windows XP computers before the end-of-support deadline on April 8, 2014. At that point, Microsoft will no longer provide security updates for that operating system (OS), exposing to attack both the Windows XP computers and the networks to which they are connected. Upgrading your office systems to a new OS may require hardware upgrades, as well, so companies should not wait until the last minute to engage in this effort.
Our technical experts can perform a network assessment for your company, complete with a full software inventory, to identify and let you address every instance of Windows XP running on your network. To learn more, fill out our inquiry form or give us a call.