DNS hijacking, also referred to as DNS redirection, is a specific type of cyber attack, wherein a “bad actor” can redirect queries to a domain name server, by overriding TCP/IP settings often by hacking and modifying a server’s settings. DNS hijacking is frequently used for phishing – displaying fake versions of sites that users access and stealing data or credentials from unsuspecting users.
There are 4 primary methods employed by hackers to carry out these DNS redirection attacks:
- Local DNS Hijacking – Hackers will install malware on an individual user’s computer, allowing them to change the local DNS settingds and redirect that user to malicious web sites.
- Router DNS Hijacking – Often times, your routers default password has never been changed. This provides an opportunity for hackers. Malicious actors can take over a router overwite the typical DNS settings, affecting all users who are utilizing that router.
- Man in the Middle Attack – This method allows hackers to intercept communication between a user and the DNS server, changing the IP addresses of specific sites to redirect the user to a malicious site.
- Rogue DNS Server – In this instance, hackers will compromise a DNS server and modify the DNS records to redirect DNS requests to malicious sites that they control.
How to prevent DNS Hijacking
- Good Security Software
The most important step is to utilize good security software that will prevent malware, such as DNS changers from being installed on user’s hard drives.
- Install A Firewall
Whereas hardware-based firewalls are optimal, if you do not currently have a firewall, you can, at minimum, turn on your routeres built-in firewall.
- Identify Resolvers on your Network
Any unneeded DNS resolvers should be decommissioned. Required resolvers should be installed behind the firewall with no access to users outside of the organization.
- Restrict Access to Name Server
Utilizing both physical security, as well as a firewall, require multi-factor access.
- Patch Known Vulnerabilities
Hackers routinely look for vulnerable DNS servers so make sure your patches are up to date.
If you think you may already be infected, we can help. Call us today at 800-277-1726 and one of our malware experts will work with you to restore the security and integrity of your network.