CYBER CRIMINALS ARE COMPROMISING YOUR DOMAIN NAMES AND DNS
Domain name and domain name system (DNS) hijacking is serious, becoming more prevalent, and can cost you money and your reputation. It enables a third party to forward your company's web visitors to fake websites to steal login credentials and confidential data. DNS hijackers can also harvest information from inbound company emails, then launch sophisticated phishing attacks on customers and staff using a company's own domains to make the attack appear legitimate. This is not only a serious data risk, but a privacy nightmare, especially in light of more stringent government privacy policies, like the EU General Data Protection Regulation (GDPR).
HOW DO CYBER CRIMINALS ATTACK DNS?
At a basic level, the DNS serves as the internet's address book. It's responsible for translating the domain name an individual enters into a corresponding IP address (a unique string of numbers) that web browsers use to identify where traffic is trying to go. This process, like other protocols, may not be highly visible, but underpins the entire function of the public internet. Therefore, malicious efforts to corrupt or otherwise exploit the DNS not only threaten to harm individual users and organizations, but can also jeopardize overall trust and confidence in the internet itself.
Recent analysis from KrebsOnSecurity, "Does Your Domain Have a Registry Lock?", underscores the global scale of this threat. Similarly, research from CSC showed that 78% of the world's most valuable companies have not implemented key domain name security measures, such as a domain registry lock. The research demonstrates that this is a systemic problem that has the potential to compromise organizations of all sizes, geographic locations, and sectors.
THREE ATTACK VECTORS USED FOR DNS HIJACKING
Domain name registrar management system
This method takes advantage of poor access and permission controls within a domain management system. Typically, an attacker obtains the username and password for a registrar's portal that is not protected by two-factor authentication or IP validation. This lets them change the name servers for the domains accessible within the account, which gives them control of the content.
Nameserver domain registry
The registry itself could be compromised. This famously played out with a Brazilian registry in 2016 when 36 Brazilian bank domains were redirected to perfectly reconstructed fake sites for six hours. The fraudulent websites even had valid digital certificates issued in the bank's name, tricking clients whose computers were then infected with malware disguised as a bank browser security plugin update.
The DNS provider systems
This method of attack stems from a vulnerability within the registrar's systems or processes, allowing unauthorized access to the DNS via stolen credentials.
DOMAIN SHADOWING: A MORE CUNNING ATTACK
Cyber criminals can change the zone files of a domain instead of altering the nameservers. They usually leave the website intact and add a subdomain to the zone file that can be used in a phishing attack.
This is far more difficult to identify than a modification to the existing DNS or zone file. In 2015, cyber threat researchers at Cisco® Talos reported that the Angler Exploit Kit had begun using domain shadowing as a technique to avoid detection and blocking. Since then, this attack vector has continued to increase in scale.
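One way a defender can surface shadowed subdomains is to diff each zone snapshot against an approved baseline; the sketch below is an added example, not CSC's or Cisco Talos's code. It assumes simple one-record-per-line zone text ("owner ttl class type rdata"), and every domain, address and function name in it is constructed for illustration. It also flags a changed record set on a known name, which covers the nameserver changes described earlier.

```python
# Added example: diff a zone snapshot against an approved baseline.
# Every name, address and record below is constructed sample data.
BASELINE = """\
example.com.       3600 IN NS ns1.dns-provider.example.
example.com.       3600 IN NS ns2.dns-provider.example.
example.com.       3600 IN A  192.0.2.10
www.example.com.   3600 IN A  192.0.2.10
mail.example.com.  3600 IN A  192.0.2.25
"""
# Same zone later: the site is untouched, but two hostnames have appeared.
CURRENT = BASELINE + """\
secure-login.example.com. 300 IN A 203.0.113.66
cdn7.example.com.         300 IN A 203.0.113.66
"""

def parse_zone(text):
    """Map (owner, type) -> set of rdata for 'owner ttl class type rdata' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if len(fields) < 5:
            continue                              # blank or unsupported line
        owner, rtype = fields[0].lower(), fields[3].upper()
        records.setdefault((owner, rtype), set()).add(" ".join(fields[4:]))
    return records

def audit(baseline_text, current_text):
    """Report hostnames and record sets that differ from the baseline."""
    base, cur = parse_zone(baseline_text), parse_zone(current_text)
    known_owners = {owner for owner, _ in base}
    findings = {"new_hostnames": [], "changed_records": [], "removed_records": []}
    for (owner, rtype), rdata in sorted(cur.items()):
        if owner not in known_owners:
            # Shadowing indicator: a hostname nobody approved.
            findings["new_hostnames"].append((owner, rtype, sorted(rdata)))
        elif rdata != base.get((owner, rtype)):
            # Hijack indicator: e.g. the NS or A set of a known name changed.
            findings["changed_records"].append((owner, rtype))
    findings["removed_records"] = sorted(set(base) - set(cur))
    return findings

if __name__ == "__main__":
    for kind, items in audit(BASELINE, CURRENT).items():
        print(kind, items)
```

The baseline only helps if it is stored and reviewed outside the DNS provider account, so an intruder who edits the zone cannot also edit the reference copy.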
RECOMMENDATIONS TO MITIGATE THE RISK
Incorporate secure domain, DNS, and digital certificate practices into your overall cyber security posture
Use a defense-in-depth strategy to secure your domains, DNS, and digital certificates
Select an enterprise-class provider
Secure access to domain and DNS management systems (two-factor authentication, IP validation, federated ID)
Control user permissions
Leverage advanced domain security features
Proactively identify, understand, and employ the appropriate security measures for your vital domain names (CSC Security Center℠)
Continuous vital domain name identification
DNS security extensions (DNSSEC)
Domain-based message authentication, reporting, and conformance (DMARC)
Consolidate your domain, DNS, and digital certificate providers to an enterprise-class provider
WE'RE READY TO TALK
CSC can help you manage the risks of DNS hijacking. CSC Security Center deploys advanced proprietary algorithms to expose security blind spots that make you susceptible to attack. Hundreds of the world's largest companies use our security services—such as MultiLock and two-factor authentication—to protect their organization and brands. These solutions offer the most compelling method to minimize your risk in the event of an attack.