Domain Name Service (DNS) translates hostname into its IP address. DNS, for this reason, is a nice target for hackers. The avalanche of information and data a hacker can have complete control of whenever there is a successful takeover of a server or simply use DNS implementation to misdirect traffic can be rather awesome and that is why businesses should take DNS attacks from leaks very seriously.
All the client connections a business has are usually oriented at the DNS and that is why it is a very sensitive spot. A DNS can mostly be hacked from two main positions, which are:
- Using protocol attacks which is based on how DNS is actually working.
- Using server attacks which is based on the bugs or flaws of the progress or machines running DNS services.
The following are the five major ways used by hackers to wreak untold havoc on organizational DNS attacks.
- Typosquatting
Hackers are able to get valuable information meant for a corporation to be misdirected to another that was purposefully registered with a name that is similar to the first.
Researchers from the Godai Group who wanted to find out how hackers were able to achieve this feat, found out that they could and were able to successfully obtain as much as 120,000 corporate emails in a fell swoop.
They were able to do this by simply typosquatting certain domains complete with similar WordPress themes and plugins. They ended up by setting up catch-all email accounts.
They concluded that it provided an ample opportunity for a hacker to steal passwords, sales information, and other trade secrets. They were able to postulate that a more sophisticated attack could lead to the stealing of highly confidential information from both the email sender and the recipient.
Typosquatting is made much easier by the fact that a lot of information about a new domain registration is freely available with registries.
- Registrar hijacking
Another area through which hackers are able to utilize the free information available from domain name registrars is registrar hijacking.
They are able to compromise the DNS commercial account, they, therefore, take control of the domain, transfer ownership and point it to servers they control. They are able to do this by breaking your passwords or socially engineering the registrar’s support personnel.
- ID hacking
Before queries and answers are identified, your ID number must be provided. When a hacker accesses your ID number it becomes rather easy to impersonate a DNS server.
ID hacking is made all the easier by the Local area network (LAN), enhancing of a common communications line or wireless link to a server. The hacker has only got to answer the initial query faster than the DNS and the real answer is discarded.
- Cache poisoning
Hackers can send a wrong record that will map a name to a wrong IP address. Cache poisoning is done in conjunction with DNS spoofing and DNS ID hacking.
The attackers tend to exploit vulnerabilities or poor configuration to inject fraudulent addressing information into caches.
This results in unsuspecting users accessing the cache to visit the targeted site finding themselves instead at a server completely under the control of the attackers.
Since the attacker’s website would have been configured in all ways including WordPress themes, plugins, and landing page to look exactly similar to that of the target’s official site, there is no way the user could have found out, until all the required data and information have changed hands.
- Bind security considerations
DNS servers across the internet that make use of BIND implementations are usually not up to date. This results in the fact that a significant fraction of DNS servers is vulnerable to compromise.
Poor exception handling and boundary checking have been found to be responsible for these.
The question that should be on everybody’s lips is what to do in the face of this great havoc being wrecked by DNS hackers?
Undoubtedly, available information point to a DNS leak as a compromise of your VPN, which actually should establish an encrypted connection ( usually called a “tunnel”) between your PC and the VPN server; with the VPN server sending your request to the required website.
One of the best ways to stay safe from DNS attacks is to constantly check your VPN for leaks of your DNS requests. You can make use of in-browser tools such as that of AirVPN or VPN.ac to test whether your VPN has a DNS or other forms of a data leak, and then take countermeasures against such leaks if there are any.
Photo Credit: mannoo2000 Flickr via Compfight cc
