- My cat loves this automatic wet food feeder, and it's on sale
- Certified and Unstoppable: Recertify with Rev Up
- Walmart's drone delivery spreads its wings to 100 more stores - is yours one?
- Meta Ray-Bans for 20% off is a great deal on one of my favorite products
- Control content chaos without compromising security
DNS Hijacking, A Major Cyber Threat for the UK Government
Cyber threat actors, both nation-state and criminal groups, are actively hijacking internet domains to use them in their malicious campaigns.
Nick Woodcraft, Service Owner for Vulnerability Monitoring for the UK Government Digital Service, was invited on a panel at Infosecurity Europe 2025 on June 5.
He shared his experience within the UK government to implement measures to protect domains within the .gov.uk DNS namespace, which is a crucial link between the citizens, government employees and the services of the state.
During his talk, Woodcraft described the .gov.uk namespace as a “complicated beast,” with over 7000 different subdomains across 4000 organizations.
“These encompass a broad range of sizes, from large government agencies to individuals managing small parish councils,” he explained.
Gordon Dick, a Registry Services Specialist at Nominet, collaborates with Woodcraft to secure the .gov.uk namespace.
Invited to the same panel, he noted that these subdomains face numerous cyber threats, with the primary one being DNS hijacking—a type of DNS attack where an attacker intentionally manipulates how DNS queries are resolved to redirect users to malicious websites.
DNS Threats, A Top-Tier Risk for the Government
Appointed at the UK Government Digital Service, part of the Department for Science, Innovation and Technology (DSIT), in 2018, Woodcraft collaborated with Infoblox and Nominet to enhance the security of the government’s DNS namespace.
He said the work he and his partners have done can be described in four major steps:
- They obtained recognition of DNS threats as a top-tier risk by the UK Cabinet Office
- They designated someone to bear ownership for the .gov.uk DNS namespace
- They mapped out all the subdomains linked to the namespace and associated contextual information (e.g. expiration dates and ownership of each subdomain) and listed their inventory into a “massive” database
- They continuously monitor all subdomains on a daily basis
“Today, we can monitor on behalf of each organization using one of our subdomains and go and tell them where the risks and threats are, warn them about potential issues and expiring domains,” Woodcraft explained.
DNS Security Recommendations
During the panel session, Woodcraft offered advice for organizations looking to mitigate DNS threats.
These included:
- Make sure people monitoring your domains have a good understanding of how DNS works and are trained to detect and mitigate DNS threats like DNS hijacking
- Check that your registrar and hosting provider enables the state-of-the-art security, including two-factor authentication (2FA)
- Make sure domains in your supply chain are also implementing the best security measures possible
- Monitor potential lookalike domains that look similar to your own domains and could be used for malicious purposes
Read more: APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning
