Have you ever typed in a URL of a website that you wished to visit only to find yourself on the home page of another website? And then you probably thought you had made a mistake and tried the process a second time? What you did not know is that you might have been a victim of DNS (Domain Name Server) Hijacking. Also known as DNS redirection, this refers to a form of DNS attack where the attackers try to tackle your DNS queries indirectly and then redirect the traffic meant for your website to a fake malicious one. A good way to curb this is using a Domain Validated SSL Certificate.
You can consider DNS to be like the very heartbeat of the internet. Or like a mammoth phone book of the web. Organizations use the internet in a very major way to interact and transact business with their customers in this digital age and should there be a DNS attack, a major breach of trust comes into play. If for instance a trusted customer was trying to log on to your website as they routinely do and they were hijacked to another malicious website where they may be filled in their payment card details as usual but ended up losing a fortune, that customer may not be able to trust your organization again. DNS attacks have led to billions of dollars being lost by organizations and customers.
Most DNS attacks can fall into two categories known as Pharming and Phishing. In the case of Pharming, the sole aim of the attacker is to redirect you to another website that may contain pop ups and ads meant to generate the attacker some revenue. Phishing on the other hand is where the attacker creates an imitation of the site that you’re trying to reach to steal sensitive data like login info and payment credentials. The U.S. Department of Homeland Security recently issued a global alert of an ongoing DNS threat known as “DNSpionage” that is targeting governments and commercial organizations mainly in the Middle East and North Africa and some parts of Europe and the US.
4 Common Types of DNS Hijacking Attacks
- Man, in the Middle DNS Hijack
Here the attacker acts as a middleman in the communication between the user and the DNS server, serving a fake IP address that will redirect the user to a malicious website.
- Router DNS Hijack
An attacker will target a DNS router in this case, change the settings and thus affect all users connected to that router.
- Rouge DNS Hijack
In a Rouge DNS Hijack, the attacker is solely after your traffic where they will change all your DNS records to send traffic to their website.
- Local DNS Hijack
Here the attacker will install Trojan malware into your computer and then alter your local DNS configurations to send traffic to their website.
Strong Tips to Protect Yourself from DNS Hijacking
- Employ DNSSEC (Domain Name System Security Extensions)
DNSSEC refers to a security extension added to a DNS system that will add a layer of protection to prevent hacks and hijacks while still maintaining compatibility and adaptability to older and future DNS versions. Adding a Domain Name System Security Extension to your DNS server will surely strengthen it and kick malicious attackers to the curb.
- Set up configuration for Master-Slave DNS in your network
When maintaining your DNS servers, it’s important to employ a Master-Slave DNS just behind your firewall with no internet access whatsoever. Your main DNS servers will certainly have internet access, and should they be breached by an attacker, he will be shocked to find a wall he can’t surpass because the Master will be keeping guard behind your firewall.
- Strong user controls and password policies
Your DNS servers will be managed by your IT team using web interfaces. To make the system foolproof, every member of the team must be well informed about strong password policies. Similarly, restrict DNS server management access to only those who need to have it within your IT team to minimize the risk of DNS attacks.
- Disable DNS recursion to ward off DNS poisoning attacks
Most Bind servers on Linux come with DNS recursion enabled by default which can be risky in many ways. When DNS recursion is enabled, your DNS server has simply allowed recursive queries from third party hosts which is like setting up a red carpet for DNS hijackers.
- Always keep your DNS servers up to date
Running your own Domain Name Servers is beneficial in that it gives you the freedom to configure, try and test things as you see fit. Whichever software you decide to use to run your DNS server like BIND or Microsoft DNS, it’s important to always keep it up to date to avoid falling victim to exploits from known bugs and vulnerabilities. These companies always release patches to fix such vulnerabilities so always ensure you’re the first to implement them.
In conclusion
If your organization plans to survive in this digital age, it must tap on the immense opportunities that the internet provides and to do so, a DNS server is a must. With the recent upsurge of DNS Hijacking attacks like the recent DNSpionage threat that is targeting governments and commercial organizations, it’s important to guard your DNS servers against these malicious attacks. A Domain Validated SSL Certificate of Comodo is one sure way to secure your website against harmful DNS attacks.
Leave a Reply