Boss Lady

Businesses need to protect against increasing DNS attacks


The coronavirus pandemic is pushing businesses to focus increasingly on their online presence, with the website now becoming the crucial ‘shop window’. But this has led to more incidents of DNS attacks and hijacks from malicious sources, with reports noting a 1000% increase over 2018, and the cost to targeted businesses similarly growing.

If your business operates over a network, then you need to learn about DNS attacks and the threat they pose to your operations.

DNS attacks involve malicious access to, or manipulation of, your domain name system (DNS). If left unchecked, an attack can quickly disrupt service or redirect traffic. As you can imagine, both scenarios are disastrous and will compromise the integrity of your network.

Fortunately, you can prevent most DNS attacks if you know how they work and where your vulnerabilities are. This begins with understanding the different types of DNS attacks that you might be facing.

We’ll explain four of the most common types of DNS attacks below to give you an idea of what to expect.

DNS tunneling

The first type of DNS attack is DNS tunneling.

The primary goal of DNS tunneling is to bypass a firewall. A good firewall is a decent start against viruses and malware, but many smart hackers know how to bypass one.

One of the ways they do this is by tunneling through the DNS. This is a tricky style of DNS attack because of how deceptive it is.

When DNS tunneling occurs, a hacker hides malicious programs or scripts in DNS queries. As these queries are resolved, the hidden content reaches users through the DNS tunnel.

Because many firewalls let DNS traffic through without inspecting it, the DNS becomes an ideal route for malware attacks. DNS tunneling takes advantage of the natural openness of the DNS.
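
One way to spot the pattern described above from resolver logs, as an added example that is not part of the original article: data hidden in queries tends to show up as many long, random-looking names under a single zone. The log lines, the zone names and the three thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver query logs (client, queried name); not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "api.example.com"),
    ("10.0.0.7", "d1f4a9c27be0356a8c41e7b2.cdn-demo.test"),
    ("10.0.0.9", "q7x2m9k4z1v8b3n66n3b8v1z4k9m2x7q.tunnel-demo.test"),
    ("10.0.0.9", "7x2m9k4z1v8b3n6qq6n3b8v1z4k9m2x7.tunnel-demo.test"),
    ("10.0.0.9", "x2m9k4z1v8b3n6q77q6n3b8v1z4k9m2x.tunnel-demo.test"),
    ("10.0.0.9", "2m9k4z1v8b3n6q7xx7q6n3b8v1z4k9m2.tunnel-demo.test"),
]


def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than ordinary hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_name(name, zone_labels=2):
    """Split a name into (subdomain, zone). Assumption: the zone is the last two
    labels; production code should consult the Public Suffix List instead."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[:-zone_labels]), ".".join(labels[-zone_labels:])


def suspected_tunnels(queries, min_names=4, min_length=24, min_entropy=3.5):
    """Return {zone: count} for zones receiving many long, random-looking names.
    The three thresholds are illustrative assumptions to tune against a baseline."""
    odd_names = defaultdict(set)
    for _client, name in queries:
        sub, zone = split_name(name)
        compact = sub.replace(".", "")
        if len(compact) >= min_length and shannon_entropy(compact) >= min_entropy:
            odd_names[zone].add(sub)
    # A single odd name (the CDN-style entry above) is not enough to flag a zone.
    return {zone: len(names) for zone, names in odd_names.items() if len(names) >= min_names}


if __name__ == "__main__":
    print(suspected_tunnels(SAMPLE_QUERIES))
```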

DNS hijacking

DNS hijacking is another attack to watch for.

Similar to DNS tunneling, DNS hijacking is done to manipulate a user’s experience. Rather than directly infecting them with malware, DNS hijacking will instead redirect them to a malicious website.

For example, if a user enters the domain of the most commonly used website on your network while that domain is hijacked, they can be sent wherever the hacker chooses.

In some situations, they may be sent to a website that mirrors the one they’re looking for. This is particularly scary because they may feel safe entering sensitive information like login credentials, which are then captured by the hacker.

DNS hijacking is very concerning and not always simple to detect. It can originate from infected hardware or a direct interception, so you need to cover both areas.

Cache poisoning

One of the most common approaches to DNS attacks is cache poisoning, also known as DNS spoofing.

Cache poisoning involves a similar outcome to DNS hijacking, but how it happens differs. Both DNS attacks seek to redirect DNS queries.

What makes cache poisoning different is what hackers target. Rather than starting from infected hardware, cache poisoning involves sabotaging the DNS cache.

Typically, a cache poisoning attack creates an abundance of false DNS responses. These are sent in reply to each DNS query in an attempt to match the query’s ID, so that one of them is accepted as the genuine answer and stored in the cache.

This type of DNS attack is also hard to identify. DNSSEC is your best solution for keeping the DNS cache clean.
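
The ID matching mentioned above, seen from the resolver's side, as an added example that is not part of the original article: a reply is accepted only if its source, port, ID and question all match the outstanding query. The function names and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
import secrets
import struct


def encode_question(name, qtype=1, qclass=1):
    """Wire-format question section: length-prefixed labels, then type and class."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return labels + b"\x00" + struct.pack("!HH", qtype, qclass)


def new_query(name, server_ip):
    """Build a query with an unpredictable 16-bit ID and source port, and return
    the packet plus the state the resolver must remember to vet the reply."""
    txid = secrets.randbelow(1 << 16)
    port = 1024 + secrets.randbelow(65536 - 1024)
    question = encode_question(name)
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question
    return packet, {"txid": txid, "port": port, "server": server_ip, "question": question}


def sample_response(txid, question, address):
    """Constructed response carrying one A record, used only to exercise the checks."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(octet) for octet in address.split("."))
    return header + question + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata


def accept_response(state, src_ip, dst_port, payload):
    """Return (accepted, reason). Every field must match the outstanding query."""
    if src_ip != state["server"]:
        return False, "unexpected source address"
    if dst_port != state["port"]:
        return False, "wrong destination port"
    if len(payload) < 12:
        return False, "truncated header"
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if not flags & 0x8000:
        return False, "not a response"
    if txid != state["txid"]:
        return False, "transaction ID mismatch"
    question = state["question"]
    # The question must be echoed byte for byte, not merely be similar.
    if qdcount != 1 or payload[12:12 + len(question)] != question:
        return False, "question mismatch"
    return True, "accepted"
```

Matching these fields only makes a false response harder to land; DNSSEC validation is what lets a resolver reject answers that were not signed by the zone.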

DNS amplification

The last major DNS attack category to be aware of is DNS amplification, a form of distributed denial of service (DDoS).

A DNS amplification/DDoS is unlike the other three attacks mentioned above. It aims primarily to disrupt service rather than to gain access or steal information. While it may seem less significant, its impact can be just as disruptive.

DNS amplification works by overloading your network. An attack will start by sending a seemingly small DNS query that requires a much larger response.

This is then ramped up by increasing the number of false DNS queries being sent. Eventually, your network bandwidth will be consumed by the volume of large responses.

When this happens, other network operations cannot continue. This makes a DDoS attack particularly effective at bringing your whole network down.

It’s nearly impossible to overlook a DNS amplification attack in progress. If network functions are seemingly slowed or unavailable for no obvious reason, a DDoS attack may be the cause.
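
A check that separates this kind of flood from ordinary slowness, as an added example that is not part of the original article: it totals inbound DNS responses that answer no query your own hosts sent. The packet records, addresses and byte threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed edge capture, not real traffic. Each record is
# (time_s, kind, remote_ip, local_ip, local_port, txid, dns_bytes).
SAMPLE_PACKETS = [
    (0.00, "query_out", "192.0.2.53", "10.0.0.20", 40001, 0x1A2B, 60),
    (0.02, "response_in", "192.0.2.53", "10.0.0.20", 40001, 0x1A2B, 120),
]
# Thirty large responses from three resolvers that no internal host queried.
SAMPLE_PACKETS += [
    (1.0 + i * 0.01, "response_in", f"198.51.100.{1 + i % 3}", "10.0.0.80", 53000 + i, i, 3000)
    for i in range(30)
]


def unsolicited_responses(packets, min_bytes=20_000):
    """Aggregate inbound DNS responses that match no outstanding outbound query.
    Returns {local_ip: {"packets", "bytes", "sources"}} for hosts receiving at
    least min_bytes of them (an illustrative threshold, an assumption to tune)."""
    pending = set()
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0, "sources": set()})
    for _time, kind, remote, local, port, txid, size in sorted(packets):
        key = (remote, local, port, txid)
        if kind == "query_out":
            pending.add(key)
        elif key in pending:
            pending.discard(key)  # legitimate answer to one of our own queries
        else:
            entry = totals[local]
            entry["packets"] += 1
            entry["bytes"] += size
            entry["sources"].add(remote)
    return {
        host: {"packets": e["packets"], "bytes": e["bytes"], "sources": len(e["sources"])}
        for host, e in totals.items()
        if e["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    print(unsolicited_responses(SAMPLE_PACKETS))
```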

Closing thoughts

DNS attacks are the biggest threat posed to your domain name system. These aim to impact DNS queries to steal information, gain private access, and stall operations.

What makes DNS attacks difficult to manage is how many different types there are. The four main types that you should be watching for include DNS tunneling, DNS hijacking, cache poisoning, and DNS amplification.

While addressing a DNS attack in progress may not be simple, protecting your DNS is. Make sure to use domain name system security extensions (DNSSEC) to keep all DNS queries secured and valid.

About Susan Melony
