Domain Name Server (DNS) Hijacking
Domain Name Server (DNS) hijacking, also called DNS redirection, is a type of DNS attack in which DNS queries are incorrectly resolved in order to unexpectedly redirect users to malicious sites. To perform the attack, perpetrators either install malware on user computers, take over routers, or intercept or hack DNS communication.
DNS hijacking can be used for pharming (in this context, attackers typically display unwanted ads to generate revenue) or for phishing (displaying fake versions of sites users access and stealing data or credentials).
Many Internet Service Providers (ISPs) also use a type of DNS hijacking to take over a user’s DNS requests, collect statistics and return ads when users access an unknown domain. Some governments use DNS hijacking for censorship, redirecting users to government-authorized sites.
DNS hijacking attack types
There are four basic types of DNS redirection:
Redirection vs. DNS spoofing attack
DNS spoofing is an attack in which traffic is redirected from a legitimate website such as www.google.com, to a malicious website such as google.attacker.com. DNS spoofing can be achieved by DNS redirection. For example, attackers can compromise a DNS server, and in this way “spoof” legitimate websites and redirect users to malicious ones.
Cache poisoning is another way to achieve DNS spoofing, without relying on DNS hijacking (physically taking over the DNS settings). DNS servers, routers and computers cache DNS records. Attackers can “poison” the DNS cache by inserting a forged DNS entry, containing an alternative IP destination for the same domain name. The DNS server then resolves the domain to the spoofed website until the cache is refreshed.
Methods of mitigation
Mitigation for name servers and resolvers
A DNS name server is highly sensitive infrastructure that requires strong security measures, as it can be hijacked and used by hackers to mount DDoS attacks on others:
Mitigation for end users
End users can protect themselves against DNS hijacking by changing router passwords, installing antivirus, and using an encrypted VPN channel. If the user’s ISP is hijacking their DNS, they can use a free, alternative DNS service such as Google Public DNS, Google DNS over HTTPS, and Cisco OpenDNS.
Mitigation for site owners
Site owners who use a Domain Name Registrar can take steps to avoid DNS redirection of their DNS records:
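A check for the two symptoms described above, a resolver that answers for an unknown domain instead of returning NXDOMAIN, and a record that resolves to an address the owner never published. This is an added example, not part of the original page; the function names, the canary name and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct

def skip_name(msg, off):
    """Advance past a DNS name: a label sequence or a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # 2-byte pointer terminates the name
            return off + 2
        off += 1 + length
        if length == 0:                  # root label terminates the name
            return off

def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) from a raw DNS response message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:    # A record
            addrs.append(str(ipaddress.IPv4Address(msg[off:off + 4])))
        off += rdlen
    return flags & 0x000F, addrs

def assess(msg, pinned=None):
    """pinned=None: msg answers a canary name that must not exist.
    Otherwise pinned is the set of addresses the owner expects."""
    rcode, addrs = parse_a_records(msg)
    if pinned is None:
        honest = rcode == 3 and not addrs          # NXDOMAIN, no answers
        return ("ok" if honest else "nxdomain-rewritten"), addrs
    unexpected = sorted(set(addrs) - set(pinned))
    return ("mismatch" if unexpected else "ok"), unexpected

def build_response(qname, rcode, ips):
    """Constructed sample input: a minimal response with A answers."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, len(ips), 0, 0)
    msg += q + struct.pack("!HH", 1, 1)
    for ip in ips:                       # each answer points back at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(ip).packed
    return msg

if __name__ == "__main__":
    print(assess(build_response("nx-canary.invalid", 0, ["203.0.113.10"])))
    print(assess(build_response("example.com", 0, ["198.51.100.66"]), {"192.0.2.10"}))
```

Pinned address sets only suit names whose records you control; names served from a CDN legitimately return changing addresses.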
In which type of attack is falsified information used to redirect users to malicious Internet sites ARP cache poisoning?
Cache poisoning is a type of cyber attack in which attackers insert fake information into a domain name system (DNS) cache or web cache for the purpose of harming users. In DNS cache poisoning or DNS spoofing, an attacker diverts traffic from a legitimate server to a malicious/dangerous server.
Which protocol would be the target of a cushioning attack?
Explanation: The HTTP 302 cushioning attack is used by cybercriminals to take advantage of the 302 Found HTTP response status code to redirect the browser of the user to a new location, usually a malicious site.
What type of malware has the primary objective of spreading across the network?
The main purpose of a worm is to self-replicate and propagate across the network. A virus is a type of malicious software that needs a user to spread.
Which technology is a proprietary SIEM system?
Explanation: Security Information Event Management (SIEM) is a technology that is used in enterprise organizations to provide real-time reporting and long-term analysis of security events. Splunk is a proprietary SIEM system.