DNS Hijacking: A Significant Cybersecurity Threat to the UK Government
Cyber threat actors, including both nation-state and criminal groups, are increasingly hijacking internet domains to further their malicious agenda.
Nick Woodcraft, Service Owner for Vulnerability Monitoring at the UK Government Digital Service, recently participated in a panel discussion focused on enhancing domain security within the .gov.uk DNS namespace, a critical connection for citizens and government services. The session took place during an industry event on June 5, 2025.
Woodcraft characterized the .gov.uk namespace as a “complicated beast,” comprising over 7,000 subdomains linked to around 4,000 different organizations. He noted that the organizations behind these subdomains vary widely in size, from substantial government agencies to individual parish councils.
Gordon Dick, a Registry Services Specialist at Nominet, joined Woodcraft on the panel and highlighted that these subdomains are vulnerable to numerous cyber threats, with DNS hijacking being a predominant concern. In a DNS hijacking attack, the attacker manipulates how DNS queries are resolved in order to redirect users to harmful websites.
DNS Threats: A High-Risk Concern for the Government
Since his appointment to the UK Government Digital Service in 2018, Woodcraft has collaborated with partners such as Infoblox and Nominet to bolster the security framework of the .gov.uk DNS namespace. He outlined their approach through four essential steps:
1. Achieving acknowledgment of DNS-related threats as a top-tier risk by the UK Cabinet Office.
2. Appointing a designated owner for the .gov.uk DNS namespace.
3. Conducting a comprehensive inventory of all subdomains, capturing critical contextual information such as expiration dates and ownership, and compiling the results into a large database.
4. Implementing ongoing daily monitoring of all subdomains.
Woodcraft stated, “Today, we can monitor on behalf of each organization using one of our subdomains and inform them of risks and potential issues, including those related to expiring domains.”
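As an added illustration (not code from the Government Digital Service, Infoblox or Nominet), the sketch below shows what one daily monitoring run over such an inventory could look like. The inventory rows, owners, dates and observed name servers are constructed, and comparing observed NS records against a recorded baseline is an assumption about what the monitoring checks beyond expiry.

```python
from datetime import date

# Constructed inventory rows: every name, owner and date is hypothetical.
INVENTORY = [
    {"domain": "alpha.example", "owner": "Alpha Agency",
     "expires": date(2025, 6, 20), "expected_ns": {"ns1.host.example.", "ns2.host.example."}},
    {"domain": "beta.example", "owner": "Beta Parish Council",
     "expires": date(2026, 1, 1), "expected_ns": {"ns1.host.example.", "ns2.host.example."}},
    {"domain": "gamma.example", "owner": "Gamma Board",
     "expires": date(2025, 5, 1), "expected_ns": {"ns1.host.example."}},
    {"domain": "delta.example", "owner": "Delta Office",
     "expires": date(2026, 3, 1), "expected_ns": {"ns1.host.example."}},
]

# Constructed stand-in for the day's NS lookups (a real run would query DNS).
OBSERVED_NS = {
    "alpha.example": {"NS1.host.example", "ns2.host.example."},
    "beta.example": {"ns1.host.example.", "ns1.other-host.example."},
    "gamma.example": set(),
    "delta.example": {"ns1.host.example."},
}

def normalise(names):
    """Lower-case and force a trailing dot so equal hosts compare equal."""
    return {n.strip().lower().rstrip(".") + "." for n in names}

def daily_check(inventory, observed_ns, today, warn_days=30):
    """Return (domain, owner, kind, detail) findings for one monitoring run."""
    findings = []
    for row in inventory:
        name, owner = row["domain"], row["owner"]
        days_left = (row["expires"] - today).days
        if days_left < 0:
            findings.append((name, owner, "expired", f"{-days_left} days ago"))
        elif days_left <= warn_days:
            findings.append((name, owner, "expiring", f"in {days_left} days"))
        expected = normalise(row["expected_ns"])
        seen = normalise(observed_ns.get(name, set()))
        if not seen:
            findings.append((name, owner, "no-delegation", "no NS records observed"))
        elif seen != expected:
            added, removed = sorted(seen - expected), sorted(expected - seen)
            findings.append((name, owner, "ns-drift", f"added={added} removed={removed}"))
    return findings

if __name__ == "__main__":
    for finding in daily_check(INVENTORY, OBSERVED_NS, today=date(2025, 6, 5)):
        print(*finding, sep=" | ")
```

Because each finding carries the owner recorded in the inventory, it can be routed straight to the organization responsible for that subdomain.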
Recommendations for DNS Security
During the panel discussion, Woodcraft provided vital recommendations for organizations striving to mitigate DNS-related threats, which include:
– Ensuring that individuals responsible for monitoring domains possess a thorough understanding of DNS mechanisms and are equipped to identify and counter DNS threats like hijacking.
– Verifying that registrars and hosting providers implement advanced security measures, including two-factor authentication (2FA).
– Monitoring security practices across supply chains to ensure that domains managed by third parties adhere to optimal security standards.
– Keeping an eye on potential lookalike domains that could be misused for deceptive purposes.
These strategies are essential for strengthening domain security amidst rising cyber threats and ensuring the integrity of governmental digital communications.