CYBER CRIMINALS ARE COMPROMISING YOUR DOMAIN NAMES AND DNS

Domain name and domain name system (DNS) hijacking is serious, becoming more prevalent, and can cost you money and your reputation. It enables a third party to forward your company's web visitors to fake websites to steal login credentials and confidential data. DNS hijackers can also harvest information from inbound company emails, then launch sophisticated phishing attacks on customers and staff using a company's own domains to make the attack appear legitimate. This is not only a serious data risk, but a privacy nightmare, especially in light of more stringent government privacy policies, like the EU General Data Protection Regulation (GDPR).

HOW DO CYBER CRIMINALS ATTACK DNS?

At a basic level, the DNS serves as the internet's address book. It's responsible for translating the domain name an individual enters into a corresponding IP address (a unique string of numbers) that web browsers use to identify where traffic is trying to go. This process, like other protocols, may not be highly visible, but underpins the entire function of the public internet. Therefore, malicious efforts to corrupt or otherwise exploit the DNS not only threaten to harm individual users and organizations, but can also jeopardize overall trust and confidence in the internet itself.

Recent analysis from KrebsOnSecurity, "Does Your Domain Have a Registry Lock?", underscores the global scale of this threat. Similarly, research from CSC showed that 78% of the world's most valuable companies have not implemented key domain name security measures, such as a domain registry lock. The research demonstrates that this is a systemic problem that has the potential to compromise organizations of all sizes, geographic locations, and sectors.

THREE ATTACK VECTORS USED FOR DNS HIJACKING

1. Domain name registrar management system

This method takes advantage of poor access and permission controls within a domain management system. Typically, an attacker obtains the username and password for a registrar's portal that is not protected by two-factor authentication or IP validation. That access lets them change the name servers for the domains in the account, which gives them control of the content.

2. Nameserver domain registry

The registry itself could be compromised. This famously played out with a Brazilian registry in 2016 when 36 Brazilian bank domains were redirected to perfectly reconstructed fake sites for six hours. The fraudulent websites even had valid digital certificates issued in the bank's name, tricking clients whose computers were then infected with malware disguised as a bank browser security plugin update.

3. The DNS provider systems

This method of attack stems from a vulnerability within the registrar's systems or processes, allowing unauthorized access to the DNS via stolen credentials.

DOMAIN SHADOWING: A MORE CUNNING ATTACK

Cyber criminals can change the zone files of a domain instead of altering the nameservers. They usually leave the website intact and add a subdomain to the zone file that can be used in a phishing attack.

This is far more difficult to identify than a modification to the existing DNS or zone file. In 2015, cyber threat researchers at Cisco® Talos reported that the Angler Exploit Kit had begun using domain shadowing as a technique to avoid detection and blocking. Since then, this attack vector has continued to increase in scale.
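
One way to surface both a nameserver change and a shadowed subdomain is to diff the current zone against an approved baseline. The Python below is an added example, not CSC's code or tooling; the zone data is constructed, and the `parse_zone` and `diff_zone` helpers and the one-record-per-line format are assumptions for illustration.

```python
# Constructed zone snapshots (documentation names and IP ranges only).
BASELINE = """\
example.com.       3600 IN NS ns1.dns-provider.example.
example.com.       3600 IN NS ns2.dns-provider.example.
example.com.       300  IN A  192.0.2.10
www.example.com.   300  IN A  192.0.2.10
mail.example.com.  300  IN A  192.0.2.25
"""
# Same zone later: website and nameservers untouched, two hostnames added.
CURRENT = BASELINE + """\
secure-login.example.com. 60 IN A 203.0.113.77
cdn7.example.com.         60 IN A 203.0.113.78
"""

def parse_zone(text):
    """Parse 'owner ttl IN type rdata' lines into a set of (owner, type, rdata)."""
    records = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {raw!r}")
        owner, _ttl, _cls, rtype, rdata = fields
        records.add((owner.lower(), rtype.upper(), rdata.strip()))
    return records

def _ns(records):
    """Return only the NS records of a parsed zone."""
    return {r for r in records if r[1] == "NS"}

def diff_zone(baseline_text, current_text):
    """Report hostnames absent from the baseline and changes to known names."""
    base, cur = parse_zone(baseline_text), parse_zone(current_text)
    known = {owner for owner, _, _ in base}
    added, removed = cur - base, base - cur
    return {
        # Names that never existed in the approved zone: shadowing candidates.
        "new_hostnames": sorted({r[0] for r in added if r[0] not in known}),
        # Delegation differs from the baseline: hijacking candidate.
        "ns_changed": _ns(base) != _ns(cur),
        # Records added to or removed from names that were already known.
        "changed_records": sorted(r for r in added | removed if r[0] in known),
    }

if __name__ == "__main__":
    for key, value in diff_zone(BASELINE, CURRENT).items():
        print(f"{key}: {value}")
```

A monitor that only watches the nameservers and the main website's records reports nothing for this snapshot; the new hostnames are the only signal.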

RECOMMENDATIONS TO MITIGATE THE RISK

  1. Incorporate secure domain, DNS, and digital certificate practices into your overall cyber security posture

  2. Use a defense in depth strategy to secure your domains, DNS, and digital certificates

    • Select an enterprise class provider

    • Secure access to domain and DNS management systems (two-factor authentication, IP validation, federated ID)

    • Control user permissions

    • Leverage advanced domain security features

  3. Proactively identify, understand, and employ the appropriate security measures for your vital domain names (CSC Security Center℠)

    • Continuous vital domain name identification

    • Registry lock

    • DNS security extensions (DNSSEC)

    • Domain-based message authentication, reporting, and conformance (DMARC)

  4. Consolidate your domain, DNS, and digital certificate providers to an enterprise-class provider

WE'RE READY TO TALK

CSC can help you manage the risks of DNS hijacking. CSC Security Center deploys advanced proprietary algorithms to expose security blind spots that make you susceptible to attack. Hundreds of the world's largest companies use our security services—such as MultiLock and two-factor authentication—to protect their organization and brands. These solutions offer the most compelling method to minimize your risk in the event of an attack.


