DNS hijacking attack types (6 main types)
Local DNS hijack — attackers install Trojan malware on a user's computer and change the local DNS settings to redirect the user to malicious sites.
Router DNS hijack — many routers have default passwords or firmware vulnerabilities. Attackers can take over a router and overwrite its DNS settings, affecting all users connected to that router.
Man in the middle DNS attacks — attackers intercept communication between a user and a DNS server, and provide different destination IP addresses pointing to malicious sites.
Rogue DNS Server — attackers can hack a DNS server and change DNS records to redirect DNS requests to malicious sites.
Recursive DNS hijacking — because DNS resolving is hierarchical with caching at the ISP level, hackers take over ISP recursive DNS resolvers and provide fake answers to end users.
Registrar record modification — the domain registrar provides the names of the authoritative name servers to the top level DNS. An attacker hacks into the domain registration records and modifies them to point to a rogue server.
Mitigation Methods
Upgrade DNS in the Application Infrastructure
Attention to DNS lags behind the pace of innovation in cloud infrastructure, leaving cracks open to exploitation. As organisations increasingly embrace a new generation of "cloud first" computing environments with multiple, connected clouds, data centres and CDNs, they also need to adapt and upgrade the underpinning infrastructure, including DNS and its security technologies and policies.
Use DNSSEC
Application layers use security protocols (such as HTTPS and DMARC), and DNS is no exception: the Domain Name System Security Extensions (DNSSEC) are its counterpart. DNSSEC reinforces the authenticity of DNS query responses by placing digital signatures over DNS records, protecting applications (and the caching resolvers those applications use) from accepting fake DNS data in cache poisoning and spoofing attacks. Historically, organisations held back from deploying DNSSEC because doing so meant sacrificing the DNS traffic management capabilities they rely on to deliver high quality online services. With recent technological developments, this is no longer a problem.
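As an added example that is not part of this text, the following Python builds a DNSSEC-aware query (EDNS0 OPT record with the DO bit set) and checks a resolver's response header, accepting an answer only when the AD flag shows that the resolver validated it. The transaction id and the two sample responses are constructed here for illustration; no network access is needed.

```python
import struct

# DNS header flag bits (RFC 1035; AD from RFC 4035).
FLAG_QR, FLAG_RD, FLAG_RA, FLAG_AD = 0x8000, 0x0100, 0x0080, 0x0020
EDNS_DO = 0x00008000  # "DNSSEC OK" bit, carried in the TTL field of the OPT RR (RFC 6891)
OPT_LEN = 11          # size of the minimal OPT RR that build_query() appends

def encode_name(name):
    """Encode a hostname as DNS wire-format labels (length byte + label, root = 0x00)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Build a query (A record by default) with RD set and an EDNS0 OPT RR carrying DO=1."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)     # QDCOUNT=1, ARCOUNT=1 (OPT)
    question = encode_name(name) + struct.pack(">HH", qtype, 1)    # QTYPE, QCLASS=IN
    opt = b"\x00" + struct.pack(">HHIH", 41, 4096, EDNS_DO, 0)     # root, TYPE=OPT, UDP size, TTL, RDLEN
    return header + question + opt

def parse_header(resp):
    """Decode the 12-byte header into the fields checked before an answer is trusted."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", resp[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "ad": bool(flags & FLAG_AD),
            "rcode": flags & 0x000F, "ancount": an}

def check_response(query, resp):
    """Return the reasons a response must not be trusted; an empty list means accept it.
    AD=1 only says the resolver validated the RRSIG chain, so it is meaningful only when the
    path to that resolver is itself trusted (a local validating resolver, DoT or DoH)."""
    hdr = parse_header(resp)
    problems = []
    if hdr["id"] != struct.unpack(">H", query[:2])[0]:
        problems.append("transaction id mismatch")
    if not hdr["qr"]:
        problems.append("not a response")
    if hdr["rcode"] != 0:
        problems.append("rcode %d" % hdr["rcode"])
    question = query[12:-OPT_LEN]
    if resp[12:12 + len(question)] != question:
        problems.append("question section does not match the query")
    if not hdr["ad"]:
        problems.append("AD flag clear: answer was not DNSSEC-validated")
    return problems

# Constructed sample responses (header plus echoed question; answer RRs omitted).
QUERY = build_query("example.com")
_Q = QUERY[12:-OPT_LEN]
VALIDATED_RESP = struct.pack(">HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0) + _Q    # QR|RD|RA|AD
UNVALIDATED_RESP = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + _Q  # QR|RD|RA
```

On a live system the same check runs over the bytes a UDP socket returns from the resolver; a resolver that never sets AD even for signed zones is one that the DNSSEC mitigation above cannot help, and a configured resolver address that differs from the expected one is itself a sign of the local or router hijacks listed earlier.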
Secure access
Use two-factor authentication when accessing the authoritative DNS provider and the registrar, to avoid compromise. If possible, define a whitelist of IP addresses that are allowed to access DNS settings.