Canadian Shield offers DNS-based protection against malware and phishing attacks
The Canadian Internet Registration Authority (CIRA) has launched a national Domain Name System (DNS) service and is giving early access to healthcare workers, small businesses, and educational institutions.
CIRA Canadian Shield is a free DNS filtering service designed to block malware and phishing threats at the DNS level, with Android and iOS apps available to protect mobile devices.
Planned eventually for a full national rollout, it has three levels: ‘Private’, offering DNS resolution only; ‘Protected’, adding malware and phishing protection; and ‘Family’, which also blocks adult website content.
Keeping .ca safe for key workers
The move to launch the Canadian Shield service comes in light of the coronavirus pandemic, which has triggered a rise in cyber-attacks of all kinds.
Last month, for example, it emerged that hackers were hijacking routers and changing DNS settings to redirect victims to a malware-serving website that delivers the Oski infostealer, with more than a thousand users affected.
All in all, says BitDefender, reports of coronavirus-themed malware increased five-fold in March from the month before.
“Canada’s internet is holding strong against this unprecedented situation. Unfortunately, bad actors will always try to exploit a crisis,” says CIRA’s chief technology officer Jacques Latour.
“As such, CIRA is extending access to the infrastructure and tools we use to keep the .ca domain system safe to those who are helping to keep Canada running.”
According to CIRA, the DNS is leveraged in more than 90% of all malware and phishing attacks. But, it says, CIRA Canadian Shield analyzes billions of DNS queries and blocks sites known to contain malware – roughly 100,000 new malicious domains per day.
Threat intelligence for CIRA Canadian Shield comes mainly from Akamai, as well as other third-party feeds from both commercial cybersecurity vendors and the open source community.
Meanwhile, the system also uses machine learning and AI to detect patterns in apparently unrelated DNS lookups and block malicious activity. Threats can be added to the list within minutes of appearing anywhere on the web, according to CIRA.
Any personal data handled by the service is held within the borders of Canada, with data centers located in Vancouver, Toronto and Montreal – making the service faster as well as more secure.
Defense in DNS
CIRA Canadian Shield isn’t unique in itself – similar offerings are available from a number of commercial suppliers, and the UK has a similar service for public sector organizations called Protective Domain Name Service (PDNS). However, it appears to be the world’s first free national DNS service.
“Using a service like this is an excellent idea. Defence in depth is still a valid concept, and this is another layer of security,” Chris Dodunski, CEO of Canadian cybersecurity firm CyberHunter Solutions, told The Daily Swig.
“The quality of the service will, in a large part, depend on the threat intelligence that is used to block malicious sites. High-quality threat intelligence with up to date indicators – IP addresses, URLs and URIs – is key.”
There may also be issues around the way CIRA shares data with law enforcement, says Dodunski.
“Although CIRA states that ‘information that could be considered personal is stored for up to 24 hours for the purpose of stopping malicious activity’, I would say this statement is subjective,” he says.
“Subjective rules can be abused or ignored. For Canadian law enforcement, this is a very contained way to gain access to what Canadians are doing online, so the potential for abuse by law enforcement could be relatively high.”