Welcome to 2019!
On the 22nd January 2019 the Department of Homeland Security put out an Emergency Directive advising that they were tracking a number of “incidents” regarding Domain Name Systems tampering.
The full article can be found below but the advisory indicates that the attackers are taking over DNS records and redirecting traffic to attacker owned servers, and appear to be able to do this after obtaining valid user credentials. Systems like external DNS servers are frequently hosted by external companies, rarely accessed and easily forgotten about.
We would strongly recommend checking and comparing known leaked credentials with those used to manage your DNS settings and any other external applications used by your organisation, and resetting any that have been exposed. Please run a scan if you would like us to perform a credential discovery on your business. We would be happy to help.