4 Most Common Types of DNS-based Attacks to be Aware of
The internet is a system of computers communicating with each other. But really, it is a system of people talking to each other, using computers to do it. An important link in that chain is the Domain Name System, or DNS. Your domain name is the human-readable name of your website in English (or your native language); DNS maps it to the IP address of your server (a series of numbers in IPv4, or hexadecimal digits that also include letters in IPv6). The domain name registrar is the organization that records who has reserved which domain name out of all the available combinations of letters. The letters after the last dot (Google.COM, Whitehouse.GOV) are called the Top Level Domain, or TLD.
The Domain Name System was designed in the early days of the Internet with few security considerations, because nobody expected the user base it has today or imagined that the protocol would be abused. As a result, the DNS protocol is vulnerable to attack and abuse. New software is constantly being written to improve the efficiency and safety of the protocol, but, as in the physical world, a door that opens is a door that can be forced open.
Here are some of the attacks you should know about.
Malware
What it is:
Malware is a catch-all word for trojan horses, spyware, viruses and worms, ransomware, and so on: anything that turns your computer from a tool that you use into a tool that the attacker uses. Depending on the type, it may log your keystrokes to steal your passwords, use your computer's (or your servers') resources to mine cryptocurrency, or lock you out of your computer altogether. Often your computer is then used for illegal activities, such as being harnessed for a DDoS attack or hosting child pornography. Almost all malware relies on DNS at some point, to find its command-and-control server or the site it fetches its next stage from, which is why filtering at the DNS layer is such an effective control.
How to protect yourself:
- Keep your operating system and applications updated regularly.
- Remove old software you don't use.
- Enable click-to-play for browser plugins.
- Use DNS-based security that combines reputation, behavioral and signature-based methods to block connections to malicious domains and prevent the spread of malware.
- Ensure your entire security architecture works in unison, sharing data and intelligence for rapid threat containment.
DDoS
What it is:
Distributed Denial of Service, or sometimes just Denial of Service, means to overwhelm a service provider's or an enterprise's infrastructure with far more requests than it has the capacity to handle. If you've ever seen those old comedy sketches where a person comes back from a vacation, opens the door, and is immediately buried by stacks of unread mail, it's something like that. Authoritative DNS servers are a favorite target, because if the names can't be resolved, every service behind them looks like it is down, even though those servers are untouched.
Arranging a DDoS can cost as little as $150 on the black market, while the cost to the victim of a successful attack has been estimated at $100 to $6,000 per minute, not counting the collateral effect of losing customers. On top of that, a DDoS is sometimes a smokescreen for a more damaging intrusion, such as planting malware while the defenders are busy with the flood.
How to protect yourself:
- A cloud-based anti-DDoS service that can filter or absorb attacking traffic before it reaches you.
- DNS-based DDoS protection built into the DNS servers themselves, which can mitigate not just volumetric DNS floods but also lower-volume exploits and anomalous queries that can crash the DNS server.
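One concrete form of the server-side protection in the second bullet is Response Rate Limiting (RRL), which caps how many answers the server will send to any one client prefix per second so that a flood of spoofed queries cannot use the server as an amplifier or exhaust it. The following is an added illustration written for this article, not code from any DNS server or vendor product: a token bucket per /24 with the usual three outcomes (answer, "slip" a truncated reply that makes a genuine client retry over TCP, or drop). The rate, burst and slip values, the bucket granularity and the traffic sample are all assumptions constructed for the example.

```python
"""Response Rate Limiting (RRL) for an authoritative DNS server, as a token bucket per /24."""
from collections import Counter, defaultdict

# Policy values are assumptions for this example, not any product's defaults.
RESPONSES_PER_SECOND = 5   # steady-state responses allowed per /24 per second
BURST = 10                 # how many responses a quiet prefix may send at once
SLIP = 2                   # every SLIP-th over-limit query gets a truncated reply instead of silence


class RateLimiter:
    def __init__(self, rate=RESPONSES_PER_SECOND, burst=BURST, slip=SLIP):
        self.rate, self.burst, self.slip = rate, burst, slip
        self.tokens = defaultdict(lambda: float(burst))  # one bucket per prefix
        self.last_seen = {}
        self.over_limit = defaultdict(int)

    @staticmethod
    def bucket_key(client_ip):
        # Aggregate by /24: a flood rotating spoofed addresses within a prefix shares one bucket.
        return ".".join(client_ip.split(".")[:3]) + ".0/24"

    def decide(self, client_ip, now):
        """Return 'respond', 'slip' (TC=1 reply so a real client retries over TCP) or 'drop'."""
        key = self.bucket_key(client_ip)
        elapsed = now - self.last_seen.get(key, now)
        self.last_seen[key] = now
        # Refill the bucket for the time that has passed, capped at the burst size.
        self.tokens[key] = min(self.burst, self.tokens[key] + elapsed * self.rate)
        if self.tokens[key] >= 1.0:
            self.tokens[key] -= 1.0
            return "respond"
        self.over_limit[key] += 1
        return "slip" if self.over_limit[key] % self.slip == 0 else "drop"


def simulate(limiter, queries):
    """queries: time-ordered (timestamp, client_ip) pairs. Returns a count of each decision."""
    return dict(Counter(limiter.decide(ip, ts) for ts, ip in queries))


# Constructed traffic sample: 50 queries in the same instant from spoofed 10.0.0.x
# addresses, one host in that prefix a second later, and a normal client elsewhere.
FLOOD = [(0.0, f"10.0.0.{i % 20 + 1}") for i in range(50)]
RECOVERY = [(1.0, "10.0.0.77")]
LEGIT = [(1.0, "192.0.2.10"), (2.0, "192.0.2.10"), (3.0, "192.0.2.10")]


def run_demo():
    return simulate(RateLimiter(), FLOOD + RECOVERY + LEGIT)


if __name__ == "__main__":
    print(run_demo())  # {'respond': 14, 'drop': 20, 'slip': 20}
```

The flood gets exactly the burst's worth of answers, then alternates between silence and truncated replies; the unrelated client is never affected, and a host in the flooded prefix is served again as soon as the bucket has refilled. Production RRL implementations also key on the response itself (so identical answers to one prefix are what get limited), which this sketch omits.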
DNS Cache Poisoning
What it is:
Also known as "DNS spoofing," this attack corrupts the answers the Domain Name System gives out. Two terms to know: a "cache" is space reserved in memory so that frequently accessed data loads faster, and a "DNS resolver" is the service that translates a domain name into an IP address on behalf of the client (that's you). Much like your computer keeps a cache of data, the resolver does too, so when you look up your favorite search engine or social network it doesn't waste time re-asking for something it already knows; each cached answer is kept for the time-to-live (TTL) the authoritative server specified.
Cache poisoning is when the attacker gets a forged answer into that cache, so that the resolver hands out an incorrect IP address for a domain name until the bogus entry expires. Classic attacks do this by racing the real authoritative server: the attacker floods the resolver with fake replies that guess the transaction ID and source port of an outstanding query, or smuggles extra records for an unrelated domain into an otherwise legitimate reply. The site at the bogus address can, for example, be made to look exactly like your bank's website and steal your credentials when you type your real password into the fake login form.
How to protect yourself:
- Limit recursive queries to the clients you actually serve; don't run an open resolver that anyone on the Internet can use.
- Store only data related to the requested domain (the "bailiwick" rule): a reply about one domain must not be allowed to plant an entry for another.
- Honor TTLs and expire old entries from the DNS cache, so a stale or planted IP address doesn't linger.
- Use a resolver that randomizes the source port and transaction ID of every query, and enable DNSSEC validation so that signed answers can be checked rather than trusted.
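To show what those checks do, here is an added example written for this article (it is not code from any real resolver): a toy resolver cache that only accepts a reply matching the randomized transaction ID and source port of a pending query, drops records outside the bailiwick of the zone that was asked, and expires entries by TTL. The domain names, addresses, TTLs and the attacker's 2000-guess flood are all constructed for the example.

```python
"""Toy recursive-resolver cache showing the checks that keep a forged reply out of it."""
import secrets
from dataclasses import dataclass


@dataclass
class Record:
    name: str
    rtype: str
    data: str
    ttl: int


@dataclass
class Pending:
    qname: str
    zone: str  # the zone the server we asked is authoritative for (its "bailiwick")


def in_bailiwick(name, zone):
    """True if `name` is inside `zone`, so a reply for that zone may legitimately carry it."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class ResolverCache:
    def __init__(self):
        self.pending = {}   # (txid, source port) -> Pending
        self.cache = {}     # (name, rtype) -> (data, expires_at)
        self.rejected = 0   # replies that matched no outstanding query
        self.dropped = []   # out-of-bailiwick records stripped from otherwise valid replies

    def send_query(self, qname, zone):
        """Return the (txid, sport) an attacker would have to guess to spoof the answer."""
        txid = secrets.randbelow(1 << 16)                # random 16-bit transaction ID
        sport = 1024 + secrets.randbelow(65536 - 1024)   # random ephemeral source port
        self.pending[(txid, sport)] = Pending(qname, zone)
        return txid, sport

    def receive_response(self, txid, dport, records, now):
        """Accept a reply only if it matches a pending query; keep only in-bailiwick records."""
        q = self.pending.get((txid, dport))
        if q is None:
            self.rejected += 1
            return False
        del self.pending[(txid, dport)]
        stored = 0
        for r in records:
            if not in_bailiwick(r.name, q.zone):
                self.dropped.append(r.name)
                continue
            self.cache[(r.name.lower(), r.rtype)] = (r.data, now + r.ttl)
            stored += 1
        return stored > 0

    def lookup(self, name, rtype, now):
        """Return cached data, or None once the record's TTL has expired."""
        key = (name.lower(), rtype)
        entry = self.cache.get(key)
        if entry is None:
            return None
        data, expires = entry
        if now >= expires:
            del self.cache[key]
            return None
        return data


def attacker_flood(cache, qname, attempts, now):
    """Blind poisoning attempt: spray forged answers guessing txid and port. Returns hits."""
    hits = 0
    for _ in range(attempts):
        txid = secrets.randbelow(1 << 16)
        port = 1024 + secrets.randbelow(65536 - 1024)
        forged = [Record(qname, "A", "203.0.113.66", 86400)]  # attacker's address, long TTL
        if cache.receive_response(txid, port, forged, now):
            hits += 1
    return hits


def demo(now=1_000_000.0):
    cache = ResolverCache()
    txid, sport = cache.send_query("www.example.com", "example.com")
    # 1. Blind guessing against a randomized txid+port: roughly 1 in 4 billion per try.
    hits = attacker_flood(cache, "www.example.com", 2000, now)
    # 2. The real answer arrives, but bundled with an extra record for a different zone
    #    (the classic way to smuggle a poisoned entry into a cache).
    legit = [
        Record("www.example.com", "A", "192.0.2.10", 300),
        Record("www.bank.example", "A", "203.0.113.66", 86400),  # not in example.com: drop it
    ]
    accepted = cache.receive_response(txid, sport, legit, now)
    return {
        "forged_hits": hits,
        "legit_accepted": accepted,
        "www": cache.lookup("www.example.com", "A", now),
        "bank": cache.lookup("www.bank.example", "A", now),
        "www_after_ttl": cache.lookup("www.example.com", "A", now + 301),
        "dropped": cache.dropped,
    }


if __name__ == "__main__":
    print(demo())
```

Without the port randomization the attacker would only have to guess a 16-bit ID, which a flood of a few tens of thousands of packets covers; without the bailiwick rule the second record would have silently redirected the bank's name for a day. DNSSEC adds the piece this toy lacks: a signature check that rejects a forged record even if every guess is right.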
Data Exfiltration via DNS
What it is:
Exfiltration, if you've only heard the word in action movies, is a military term for getting someone out of hostile territory. In the context of computers, it means the illicit removal of data, whether by a person walking out with it or over a network. DNS is an attractive channel because almost every network lets DNS queries out even when web traffic is filtered: malware on an infected host encodes the stolen data into the subdomain labels of queries for a domain the attacker registered, and the attacker's own name server simply records each query as it arrives. Data leaks can ruin lives and cost millions of dollars, if not more; on top of the damage from the leak itself, lawsuits and criminal prosecutions can add penalties, some north of $100 million.
How to protect yourself:
- Block known-bad and algorithmically generated domain names with DNS blocklists, so that queries carrying stolen data in their payload never reach the attacker's server.
- Employ cloud DNS protection that analyzes query patterns (unusually long or random-looking names, many unique subdomains under one domain, heavy use of record types like TXT) to detect data hidden in DNS payloads.
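The pattern analysis in the second bullet can be demonstrated offline. The following is an added example written for this article, not a vendor's detection logic: it parses a small query log, groups queries by registered domain, and scores each domain on payload length, character entropy, number of unique subdomains and tunnel-friendly record types. The log lines, the domain names (all under the reserved .example TLD or documentation names), the log format and every threshold are constructed assumptions.

```python
"""Score DNS query logs for signs of data being tunnelled out in subdomain labels."""
import math
from collections import Counter, defaultdict

# Constructed sample log (hand-written for this example; .example is reserved for
# documentation, so none of these names belong to anyone). Format per line:
#   <timestamp> <client> <qtype> <qname>
SAMPLE_LOG = """
2024-05-01T10:00:01Z 10.1.1.20 A www.example.com
2024-05-01T10:00:02Z 10.1.1.20 AAAA www.example.com
2024-05-01T10:00:02Z 10.1.1.20 A mail.example.net
2024-05-01T10:00:03Z 10.1.1.21 A d1a2b3c4d5e6f7.cdn.example
2024-05-01T10:00:03Z 10.1.1.21 A e2b3c4d5e6f7a8.cdn.example
2024-05-01T10:00:05Z 10.1.1.33 TXT mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpi.x.evil-tunnel.example
2024-05-01T10:00:05Z 10.1.1.33 TXT ge3dgnrqgu4tinjqgyzdgmjxgqydeobrha4denzqha.x.evil-tunnel.example
2024-05-01T10:00:06Z 10.1.1.33 TXT nrxw2zlsobqwg2lsmfzwq3lkn5ygk4tpmv3gc3lomfwa.x.evil-tunnel.example
2024-05-01T10:00:06Z 10.1.1.33 TXT pbqxg3lqn5zgkzlsmf2gs3lfojsxe2lvnfxhe4tnmfyq.x.evil-tunnel.example
"""

# Thresholds are assumptions chosen for this example; tune them against your own traffic.
MIN_QUERIES = 3
MIN_UNIQUE_PAYLOADS = 3
MIN_AVG_PAYLOAD_LEN = 30
MIN_AVG_ENTROPY = 3.0
TUNNEL_QTYPES = {"TXT", "NULL", "CNAME"}   # record types tunnels favor for big answers


def shannon_entropy(s):
    """Bits of entropy per character; encoded or encrypted payloads score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(qname):
    """Crude: last two labels. Real code should use the Public Suffix List (co.uk etc.)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def payload(qname):
    """Everything the client chose below the registered domain, dots removed."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2])


def parse_line(line):
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qtype, qname = parts
    return {"ts": ts, "client": client, "qtype": qtype.upper(), "qname": qname}


def analyze(log_text):
    """Return (per-domain feature report, sorted list of domains flagged as likely tunnels)."""
    per_domain = defaultdict(list)
    for line in log_text.splitlines():
        q = parse_line(line)
        if q:
            per_domain[registered_domain(q["qname"])].append(q)

    report, flagged = {}, []
    for domain, queries in per_domain.items():
        payloads = [payload(q["qname"]) for q in queries]
        stats = {
            "queries": len(queries),
            "unique_payloads": len(set(payloads)),
            "avg_len": sum(map(len, payloads)) / len(payloads),
            "avg_entropy": sum(map(shannon_entropy, payloads)) / len(payloads),
            "tunnel_qtype_share": sum(q["qtype"] in TUNNEL_QTYPES for q in queries) / len(queries),
        }
        # A tunnel sends many distinct, long, random-looking labels under one domain.
        stats["flagged"] = (
            stats["queries"] >= MIN_QUERIES
            and stats["unique_payloads"] >= MIN_UNIQUE_PAYLOADS
            and stats["avg_len"] >= MIN_AVG_PAYLOAD_LEN
            and stats["avg_entropy"] >= MIN_AVG_ENTROPY
        )
        report[domain] = stats
        if stats["flagged"]:
            flagged.append(domain)
    return report, sorted(flagged)


if __name__ == "__main__":
    rep, bad = analyze(SAMPLE_LOG)
    for d, s in rep.items():
        print(f"{d:22} q={s['queries']:2} uniq={s['unique_payloads']:2} len={s['avg_len']:5.1f} "
              f"H={s['avg_entropy']:.2f} txt={s['tunnel_qtype_share']:.2f} flagged={s['flagged']}")
```

The CDN names in the sample are deliberately hash-like so the example shows why length and unique-subdomain count matter alongside entropy: a 14-character cache key looks random but is far too short, and repeats, whereas the tunnel sends a fresh 40-plus-character label every time. In production, add a rate feature (queries per minute per client per domain) and an allowlist for legitimate high-entropy services such as CDNs and anti-spam lookups.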
The most remarkable thing about security is how little effort and money it takes to cause catastrophic damage. Conversely, an ounce of prevention is worth many pounds of cure. There is no such thing as being "fully up to date" on security: the only way to prevent, or at least significantly lower the risk of, becoming the victim of a cyber-attack is a defense-in-depth strategy that plugs gaps such as DNS, shares data and threat intelligence across the entire security infrastructure, and uses a multi-pronged approach to threat detection that catches not just known threats but also zero-day attacks.
About the author:
Reuben Yonatan is the founder @ GetVoIP -- an industry-leading business comparison guide that helps companies understand and choose a VoIP system for their specific needs. Follow on Twitter @ReubenYonatan
Note: This article is written by a guest blogger. The author is solely responsible for all opinions expressed in the article.