SYSTEM BASED ATTACK- DNS SPOOFING

What is domain name system (DNS) spoofing

Domain Name Server (DNS) spoofing (a.k.a. DNS cache poisoning) is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.

Once there, users are prompted to login into (what they believe to be) their account, giving the perpetrator the opportunity to steal their access credentials and other types of sensitive information. Furthermore, the malicious website is often used to install worms or viruses on a user’s computer, giving the perpetrator long-term access to it and the data it stores.

Methods for executing a DNS spoofing attack include:

  • Man in the middle attack(MITM) – The interception of communications between users and a DNS server in order to route users to a different/malicious IP address.
  • DNS server compromise – The direct hijacking of a DNS server, which is configured to return a malicious IP address.

DNS spoofing mitigation using domain name server security (DNSSEC)

DNS is an unencrypted protocol, making it easy to intercept traffic with spoofing. What’s more, DNS servers do not validate the IP addresses to which they are redirecting traffic.

DNSSEC is a protocol designed to secure your DNS by adding additional methods of verification. The protocol creates a unique cryptographic signature stored alongside your other DNS records, e.g., a record and CNAME. This signature is then used by your DNS resolver to authenticate a DNS response, ensuring that the record wasn’t tampered with.

While DNSSEC can help protect against DNS spoofing, it has a number of potential downsides, including:

  • Lack of data confidentiality – DNSSEC authenticates, but doesn’t encode DNS responses. As a result, perpetrators are still able to listen in on traffic and use the data for more sophisticated attacks.
  • Complex deployment – DNSSEC is often misconfigured, which can cause servers to lose the security benefits or even deny access to a website altogether.
  • Zone enumeration – DNSSEC uses additional resource records to enable signature validation. One such record, NSEC, is able to verify the non-existence of a DNS zone. It can also be used to walk through a DNS zone to gather all existing DNS records—a vulnerability called zone enumeration. Newer versions of NSEC, called NSEC3 and NSEC5, publish hashed records of hostnames, thereby encrypting them and preventing zone enumeration.

DNS ATTACK SURFACE

PC-“IDC INFOBRIEF “

The most common DNS-related attack tactic was phishing, which was mentioned by 39 percent of those surveyed. The second most common type of malware was DNS-based malware, which was reported by 34%.DDoS attacks (27 percent), DNS amplification (21 percent), false positive triggering (19 percent), and DNS tunneling were among the other common attack methods (17 percent ).

DNS TRENDS

  1. Malaysia had the largest cost-per-attack rise of 78 percent, with an average cost-per-attack of $787, 200. India and Spain are the other two countries in the top three.
  2. In Asia, while India experienced an increase of 32%, Singapore’s damages declined by 12%, against the regional average increase of 15%.
  3. Damages in Asia increased dramatically from $792,840 last year to $908,140 this year. India, France, and Germany were the countries with average damages above $1,000,000.
  4. 26% of organizations reported sensitive customer information being stolen, compared to 16% in 2020.

Source: CISO mag

DNS prevention methods

Important steps you should be taking to prevent DNS poisoning.

  1. Security Extensions: DNS Security Extensions (DNSSEC) is largely regarded as one of the most effective protection mechanisms available. DNSSEC uses digital signatures and advanced encryption mechanisms to validate the legitimacy and authenticity of a DNS request.
  2. Active Monitoring: It’s critical to keep an eye on DNS data and look for new trends that could indicate the presence of an attacker, such as the appearance of a new external host.
  3. Password Policies: It’s critical to persuade your customers to establish password protection procedures. A weak router password might put all of their company’s devices and users at risk.
  4. DNS Updates: To assist defend against DNS attackers, updated versions of DNS include port randomization and cryptographically secure transaction IDs. Make sure the DNS server you’re using is up to date at all times.