Domain Name System (DNS) hijacking is a top concern for enterprises looking for tighter network security.
Even if you aren't running an enterprise network, you should understand how DNS hijacking works and how to prevent it, because it is one of the most damaging attacks in use today: it lets an attacker stand between your users and every service they reach by name.
- 1. Domain Server Hijacking Can Be Used for Pharming or Phishing
- 2. There Are Four Main Types of These Attacks
- 3. Redirection is not the Same As Spoofing
- 4. The U.S. Department of Homeland Security Spoke Out About DNS Attacks
- 5. These Attacks Are Growing
- 6. Traditional Security Measures Aren't Effective
- 7. You Need Specialized Protection
1. Domain Server Hijacking Can Be Used for Pharming or Phishing
DNS hijacking is also called DNS redirection. In this type of attack, DNS queries are deliberately resolved to the wrong answer, so your users end up at a site the attacker controls instead of the one they asked for.
To carry it out, the attacker either installs malware on endpoints, takes over routers, intercepts DNS traffic in transit, or compromises the DNS servers that answer for the zone (or the registrar or DNS-hosting account that controls its records).
DNS hijacking can be used for phishing: the victim lands on a look-alike site that harvests credentials or data. It can also be used for pharming, where the victim is redirected silently without clicking anything, or simply to route users through pages that display ads and generate revenue for the attacker.
Governments sometimes use DNS hijacking as a censorship mechanism, redirecting users who request a blocked domain to a government-controlled page.
DNS is the system that translates domain names (the hostname part of a URL) into IP addresses. If you aren't clear on the process: when you type in a web address, your computer sends a query to a DNS resolver. The resolver is the server that tracks down the IP address on your behalf, asking the root servers, then the top-level domain (TLD) servers, then the domain's authoritative name servers, and caching what it learns. It then returns the answer to your computer. Every hop in that chain, and every cache along the way, is a place where an attacker can substitute a false answer.
2. There Are Four Main Types of These Attacks
Under the larger umbrella of DNS hijacking are four specific types of attack, distinguished by where the attacker tampers with resolution.
The first is the local DNS hijack. The attacker puts malware on a computer and changes its local DNS settings, for example by editing the hosts file or pointing the system at a resolver the attacker controls. Only that machine is affected.
A router DNS hijack overwrites the DNS settings of a home or office router, typically through default credentials or an unpatched firmware flaw. Every device that takes its DNS configuration from that router over DHCP is affected.
In a man-in-the-middle DNS attack, the attacker intercepts traffic between the user and the DNS server and replies with a different IP address, one that points to a malicious site. Plain DNS over UDP port 53 is neither authenticated nor encrypted, which is what makes this possible.
In a rogue DNS server attack, the attacker either operates a resolver that returns forged records or compromises a legitimate DNS server (or the account that manages its records) and changes what it serves, so every query that reaches it is redirected.
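The local, router and rogue-server variants all leave the same fingerprint on an endpoint: a hosts file that pins a name to an outside address, or a configured resolver that the organization does not operate. The following is an added example, not code from the original page, that audits both. The hosts file, resolv.conf, approved resolver list and sensitive domain suffixes are all constructed for this example; the addresses come from documentation ranges and the file contents were not captured from a real system.

```python
import ipaddress

# Constructed sample inputs for this example (not captured from a real system):
# a hosts file with a malware-added entry and a resolv.conf pointing at an
# unexpected resolver.
HOSTS_FILE = """127.0.0.1   localhost
::1         localhost
127.0.0.1   metrics.corp.example     # local block of telemetry, legitimate
203.0.113.45  online.examplebank.com www.examplebank.com   # added by malware
"""

RESOLV_CONF = """search corp.example
nameserver 10.0.0.53
nameserver 198.51.100.7
"""

# Assumptions for the example: the resolvers the organization operates, and the
# domains that must never be pinned to an outside address on an endpoint.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}
SENSITIVE_SUFFIXES = ("examplebank.com", "corp.example")


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; a stricter audit would report it
        for name in fields[1:]:
            pairs.append((str(ip), name.lower()))
    return pairs


def is_sensitive(name, suffixes=SENSITIVE_SUFFIXES):
    return any(name == s or name.endswith("." + s) for s in suffixes)


def find_hosts_hijacks(text, suffixes=SENSITIVE_SUFFIXES):
    """Hosts-file entries that pin a sensitive name to a non-loopback address.

    Loopback pins are skipped because pointing unwanted domains at 127.0.0.1
    is a common, legitimate blocklist technique.
    """
    return [(ip, name) for ip, name in parse_hosts(text)
            if is_sensitive(name, suffixes) and not ipaddress.ip_address(ip).is_loopback]


def parse_nameservers(text):
    """Resolver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def find_rogue_resolvers(servers, approved=APPROVED_RESOLVERS):
    """Resolvers not on the approved list. The same check applies to the DNS
    servers a router hands out over DHCP: a router hijack shows up as an
    unapproved address in the DHCP offer."""
    return [s for s in servers if s not in approved]


def audit(hosts_text=HOSTS_FILE, resolv_text=RESOLV_CONF):
    findings = []
    for ip, name in find_hosts_hijacks(hosts_text):
        findings.append(f"hosts file pins {name} to {ip}")
    for ns in find_rogue_resolvers(parse_nameservers(resolv_text)):
        findings.append(f"unapproved resolver {ns} in use")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print("FINDING:", finding)
```

Run against the constructed inputs it reports the two bank names pinned to 203.0.113.45 and the unapproved resolver 198.51.100.7, while leaving the loopback telemetry block alone. In production the same functions would read /etc/hosts and /etc/resolv.conf (or the Windows equivalents) on a schedule, and a man-in-the-middle hijack, which changes nothing on disk, needs the answer-validation check rather than this one.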
3. Redirection is not the Same As Spoofing
DNS spoofing is the broader term for any attack in which a query for a real website is answered with a forged record that sends traffic to a malicious one. DNS hijacking is one way to achieve that result.
Another way is cache poisoning. Cache poisoning doesn't require hijacking any device or server.
Rather than taking control of DNS settings, which is what happens in a hijack, the attacker injects a forged response into a resolver's cache, for instance by racing the legitimate answer and guessing the query's transaction ID and source port. The forged entry maps the domain name to an alternative destination.
Until that cache entry expires (its time to live, or TTL, runs out) or the cache is flushed, the resolver keeps answering with the malicious address for every client that asks, which is what makes poisoning a shared resolver so damaging.
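To make the resolution process from point 1 and the poisoning distinction above concrete, here is an added example (not code from the original page) that builds DNS query and response messages in wire format and runs them through a toy caching resolver. The resolver applies the checks a real one uses to reject a forged reply: the response must match an outstanding query's transaction ID and source port, its question must match, and its answers must be for the name that was asked. It also shows the poisoned-until-TTL-expires behaviour. All transaction IDs, ports, names and addresses are constructed for the example (addresses from documentation ranges); real resolvers add DNSSEC validation and randomize ID and port, and the toy does not model the additional-section records that the Kaminsky-style attack abuses.

```python
import struct

# Wire-format helpers (RFC 1035) for a minimal A-record query and response.

def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00'"""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a name at offset `off`, following a compression pointer if present."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0 == 0xC0:                      # pointer to an earlier name
            ptr = ((ln & 0x3F) << 8) | msg[off]
            off += 1
            labels.append(decode_name(msg, ptr)[0])
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), off


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)    # RD set, 1 question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(txid, name, ip, ttl=300, answer_name=None):
    """A response carrying one A record. `answer_name` lets a forged reply answer
    for a name other than the one asked; the resolver's check below catches it."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)    # QR, RD, RA; 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    owner = b"\xc0\x0c" if answer_name is None else encode_name(answer_name)
    rdata = bytes(int(o) for o in ip.split("."))
    return header + question + owner + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata


def parse_response(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = decode_name(msg, 12)
    off += 4                                       # skip qtype, qclass
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((owner, ".".join(str(b) for b in rdata), ttl))
    return {"txid": txid, "qname": qname, "answers": answers}


class Resolver:
    """Toy caching resolver with the anti-poisoning checks described in the lead-in."""

    def __init__(self):
        self.pending = {}   # (txid, src_port) -> name being resolved
        self.cache = {}     # name -> (ip, expiry time)

    def send_query(self, txid, src_port, name):
        self.pending[(txid, src_port)] = name.lower()
        return build_query(txid, name)

    def receive(self, msg, dst_port, now):
        r = parse_response(msg)
        expected = self.pending.get((r["txid"], dst_port))
        if expected is None or expected != r["qname"].lower():
            return "rejected: txid/port/question mismatch"
        if any(owner.lower() != expected for owner, _, _ in r["answers"]):
            return "rejected: answer for a name that was not asked"
        for _, ip, ttl in r["answers"]:
            self.cache[expected] = (ip, now + ttl)   # poisoned or not, it lives for ttl
        del self.pending[(r["txid"], dst_port)]
        return "accepted"

    def lookup(self, name, now):
        """Cached answer, or None once its TTL has run out."""
        entry = self.cache.get(name.lower())
        return entry[0] if entry and now < entry[1] else None


if __name__ == "__main__":
    r = Resolver()
    r.send_query(0x1234, 40000, "www.example.com")
    # Constructed attacker replies racing the real answer: wrong txid; right txid but
    # wrong port; matching txid/port but an answer for an unrelated name.
    print(r.receive(build_response(0x1111, "www.example.com", "203.0.113.9"), 40000, now=1000))
    print(r.receive(build_response(0x1234, "www.example.com", "203.0.113.9"), 40001, now=1000))
    print(r.receive(build_response(0x1234, "www.example.com", "203.0.113.9",
                                   answer_name="login.examplebank.com"), 40000, now=1000))
    print(r.receive(build_response(0x1234, "www.example.com", "198.51.100.10", ttl=60), 40000, now=1000))
    print(r.lookup("www.example.com", now=1030), r.lookup("www.example.com", now=1061))
```

The instructive failure is the one the checks cannot catch: if the attacker guesses both the 16-bit transaction ID and the source port and the forged reply arrives first, `receive` accepts it and `lookup` serves the attacker's address to everyone until `now` passes the TTL. That is exactly why source-port randomization, and ultimately DNSSEC, matter.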
4. The U.S. Department of Homeland Security Spoke Out About DNS Attacks
In January 2019, the U.S. Department of Homeland Security issued Emergency Directive 19-01, requiring all U.S. federal civilian agencies to audit their public DNS records, change the passwords on the accounts that manage those records, enable multi-factor authentication on them, and monitor Certificate Transparency logs for certificates issued for their domains. DHS also published the domain names and Internet addresses used in what had been called the DNSpionage campaign.
The name was given by Cisco's Talos research division, which had documented the campaign as a sophisticated cyber-espionage operation.
According to Talos, the DNSpionage attackers stole login and email credentials from government and private-sector organizations in Lebanon and the UAE. They did so by hijacking the victims' DNS records so that VPN traffic was redirected to an Internet address the attackers controlled.
Talos also reported that, because the attackers controlled where the hijacked names resolved, they could pass a certificate authority's domain-validation check and obtain valid TLS certificates for the targeted domains. With a trusted certificate in hand, the redirected connections raised no browser warnings, and the attackers could decrypt the email and VPN credentials passing through them.
5. These Attacks Are Growing
DNS is a dependency of almost everything: when your DNS is under attack, users cannot reach your apps or services, which is why DNS servers are such a big target.
By one reported figure, 79% of companies experienced a DNS attack in the past year, with damage that included loss of business, data theft, and application downtime.
6. Traditional Security Measures Aren’t Effective
Traditional solutions, including next-generation firewalls and intrusion prevention systems (IPS), don't provide comprehensive DNS protection. Their coverage is incomplete: they treat DNS as generic traffic rather than inspecting the queries and answers themselves, they can't keep up with high-volume DNS floods, and they don't include behavioural detection of anomalous query patterns, such as a domain suddenly resolving somewhere it never has before.
7. You Need Specialized Protection
With the above in mind, the best way to protect against DNS hijacking and similar attacks is a holistic solution that protects both your public and your private DNS infrastructure: lock and enable multi-factor authentication on registrar and DNS-hosting accounts, sign your zones with DNSSEC and validate it on your resolvers, monitor Certificate Transparency logs for unexpected certificates on your domains, and alert on changes to your DNS records and to the resolvers your endpoints use.
This is part of what many organizations are doing as they move to Zero Trust network security, which assumes that no network path or infrastructure component, DNS included, is trustworthy by default and verifies each one.