CSC joins the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the UK National Cyber Security Centre, and other leading security organizations—including Cisco® Talos, FireEye®, and Akamai—in alerting corporations and the public to the recent widespread, state-sponsored domain name system (DNS) hijacking attacks. The targets of these recent attacks include government, corporate, telecommunication, and infrastructure entities resulting in website and email redirection to collect sensitive information. We urge companies to stay vigilant and employ security protocols to reduce exposure.
“DNS attacks can lead to criminals redirecting web traffic away from a legitimate site to a rogue site, putting customers and companies at great risk,” says Mark Flegg, product director for Security Services at CSC. “The recent attacks are complex and vicious, exploiting weaknesses in DNS infrastructure that many companies set up once, then neglect. We strongly advise clients to use the tools and recommendations available to get their digital infrastructure secure.”
In response to DNS hijacking risk and other cyber crime, CSC introduced CSC Security CenterSM in 2018. It’s an online interface powered by advanced proprietary algorithms designed to expose security blind spots across domain names, DNS, and digital certificates that make vital online brand assets susceptible to DNS hijacking, phishing, and distributed denial of service attacks.
“Domain and DNS hijacking are not new security threats, which is why we developed CSC Security Center and are encouraged that hundreds of the world’s largest companies are using it to help protect these critical online elements that enable them to operate,” says CSC Digital Brand Services General Manager Mark Calandra. “The sophistication and impact of the recent wave of attacks serves as a wakeup call that effectively managing domain names, DNS, and digital certificates needs to be a critical component for enhancing the security posture of any company with an online presence.”
CSC Security Center proactively identifies business-critical domains, and monitors them continually to ensure they’re protected. This includes checking for registry- and registrar-level locks that prevent unauthorized changes, reviewing user permissions, and verifying that security-focused, enterprise-class DNS hosting and digital certificates are implemented.
“The new CSC Security Center was a welcome surprise,” says Altan Changezi, lead infrastructure architect at Manulife. “It very quickly allows me to see—at a high level—our overall digital asset configuration at CSC. This includes the status of our most vital domains, as well as the number of users with privileged access to our CSC-managed web portals. The tool allows us to make proactive decisions to take control of our assets, as well as secure our accounts.”
The constant identification and monitoring of vital domains alerting companies to security blind spots allows them to take quick action to reduce real-world online threats to their web presence, customer data, and business-critical functions.
“CSC Security Center has shown us where we needed to consolidate providers, update our permissions and security protocols to be consistent with the importance of the website, and much more,” says John Howell, IT operations manager at Football Federation Australia. “The interface is user friendly and alerts us to where we need to keep watch or increase security. I’ve never seen anything like it before, and knowing I can chat with my CSC rep about any of the security blind spots that are revealed—and get protected right away—gives us peace of mind that our data and customers are protected.”
CSC Security Center helps clients reduce exposure to cyber crime by providing them a single view into all risk areas.