The internet’s address book keeper has warned of an “ongoing and significant risk” to key parts of the domain name system infrastructure, following months of increased attacks.
The Internet Corporation for Assigned Names and Numbers, or ICANN, issued the notice late Friday, saying DNS, which converts numerical internet addresses to domain names, has been the victim of “multifaceted attacks utilizing different methodologies.”
It follows similar warnings from security companies and the federal government in the wake of attacks believe to be orchestrated by nation state hackers.
In January, security company FireEye revealed that hackers likely associated with Iran were hijacking DNS records on a massive scale, by rerouting users from a legitimate web address to a malicious server to steal passwords. This so-called “DNSpionage” campaign, dubbed by Cisco’s Talos intelligence team, was targeting governments in Lebanon and the United Arab Emirates. Homeland Security’s newly founded Cybersecurity Infrastructure Security Agency later warned that U.S. agencies were also under attack. In its first emergency order amid a government shutdown, the agency ordered federal agencies to take action against DNS tampering.
ICANN’s chief technology officer David Conrad told the AFP news agency that the hackers are “going after the Internet infrastructure itself.”
The internet organization’s solution is calling on domain owners to deploy DNSSEC, a more secure version of DNS that’s more difficult to manipulate. DNSSEC cryptographically signs data to make it more difficult — though not impossible — to spoof.
But adoption has been glacial. Only three percent of the Fortune 1,000 are using DNSSEC, according to statistics by Cloudflare released in September. Internet companies like Cloudflare and Google have pushed for greater adoption by rolling out one-click enabling of DNSSEC to domain name owners.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
DNSSEC adoption is currently at about 20 percent.
How Trump’s government shutdown is harming cyber and national security
