The Domain Name System (DNS), which lets users reach content by mapping a website's name to its IP address through a distributed database, is a key component of the digital infrastructure. Over the years, hackers have found numerous ways to exploit this service, among them altering records at the domain registrar, launching DDoS attacks, cache poisoning, and DNS tunneling.
Recently, a Japanese cryptocurrency exchange called Coincheck suffered a security incident through DNS hijacking that exposed the emails and other personal information of around 200 customers. In this attack, the threat actor modified the primary DNS entry through the company's account at its domain registrar. Spear-phishing techniques were then deployed to obtain the account credentials of the exchange's customers.
In another incident, a team of Israeli academics reported the NXNS vulnerability in DNS servers, a flaw that could be abused to amplify a single DNS request into a DDoS attack of gargantuan proportions against authoritative DNS servers. Microsoft released a security advisory to mitigate this vulnerability.
Fixing DNS flaws is just one piece of the puzzle; there are other, less discussed threats that need addressing as well.
According to security experts, the exploitation of abandoned domains by hackers is a growing problem, especially after mergers, partnerships, firm dissolutions and similar events. Launching a new brand or rebranding an old one certainly requires changes to the domain names, but allowing the older domains to expire poses a greater threat to the firms undergoing those changes.
By simply re-registering an old domain and setting up an email server, hackers can start receiving a trove of confidential information, including bank correspondence, invoices, and other updates. In another scenario, an abandoned online shopping domain is resurrected and a hacker cashes in on new orders by impersonating a fully functioning service. A CRM tied to the old domain can also divulge customer information through an email-based password reset.
In a security incident earlier this year, hackers hijacked a few of the thousands of domains held by Microsoft to advertise a poker casino.
A little attention to DNS configurations can save users and organizations a lot of embarrassment. Usually, managing DNS entries is the job of the IT team.
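The re-registration scenario above turns on records that still delegate to a domain the organization let go. As an added example (not code from the eScan post or any product it mentions), the following Python script audits a snapshot of an organization's zone for MX, CNAME, NS and SPF references that still point at retired domains; the domain names, the retired-domain inventory and the zone records are all constructed for the illustration, so it runs offline.

```python
"""Audit DNS records for references to retired domains (added example).

Assumes a set of domains the organization has retired or let lapse and a
snapshot of its current zone records. Both are constructed here rather than
pulled from a registrar or a live zone. Any record that still delegates to a
retired domain is a place where a re-registered domain could start receiving
the organization's mail or web traffic.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Record:
    owner: str   # record name, e.g. "example-corp.com"
    rtype: str   # "MX", "CNAME", "NS" or "TXT"
    value: str   # record data as it would appear in the zone file


# Constructed inventory of domains the organization no longer uses.
RETIRED_DOMAINS = {"oldbrand-shop.example", "legacy-partner.example"}

# Constructed zone snapshot for the active domain.
ZONE = [
    Record("example-corp.com", "MX", "10 mx1.example-corp.com."),
    Record("example-corp.com", "MX", "20 mx.oldbrand-shop.example."),
    Record("shop.example-corp.com", "CNAME", "storefront.oldbrand-shop.example."),
    Record("example-corp.com", "TXT", "v=spf1 include:_spf.legacy-partner.example -all"),
    Record("www.example-corp.com", "CNAME", "cdn.example-corp.com."),
]

# SPF terms whose argument is a hostname (RFC 7208).
SPF_HOST_PREFIXES = ("include:", "redirect=", "a:", "mx:", "exists:")


def hostnames_in(rec: Record) -> list[str]:
    """Return the hostnames a record delegates to, according to its type."""
    value = rec.value.strip().lower()
    if rec.rtype in ("CNAME", "NS"):
        return [value.rstrip(".")]
    if rec.rtype == "MX":
        parts = value.split()              # "<preference> <exchange>"
        return [parts[-1].rstrip(".")] if len(parts) == 2 else []
    if rec.rtype == "TXT" and value.startswith("v=spf1"):
        hosts = []
        for token in value.split()[1:]:
            term = token.lstrip("+-~?")    # drop the SPF qualifier, if any
            for prefix in SPF_HOST_PREFIXES:
                if term.startswith(prefix):
                    hosts.append(term[len(prefix):].rstrip("."))
        return hosts
    return []


def retired_parent(host: str, retired: set[str]) -> Optional[str]:
    """Return the retired domain that `host` equals or sits under, if any."""
    for domain in retired:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def audit(zone: list[Record], retired: set[str]) -> list[tuple[str, str, str, str]]:
    """List (owner, type, referenced host, retired domain) for each dangling reference."""
    findings = []
    for rec in zone:
        for host in hostnames_in(rec):
            domain = retired_parent(host, retired)
            if domain is not None:
                findings.append((rec.owner, rec.rtype, host, domain))
    return findings


if __name__ == "__main__":
    for owner, rtype, host, domain in audit(ZONE, RETIRED_DOMAINS):
        print(f"{owner} {rtype} -> {host} (retired domain: {domain})")
```

Run against the constructed zone, the script flags the backup MX, the shop CNAME and the SPF include that still point at retired domains; the same loop can be fed a real zone export and the registrar's list of lapsed domains before a domain is allowed to expire.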
The New Priority
The latest technology being adopted by various software vendors to secure DNS traffic is DNS over HTTPS (DoH).
- With the launch of Chrome 83, the Chrome browser for Windows, Mac OS and Chromebooks recently introduced the DoH option, which works for users whose DNS service can handle the encrypted connection.
- Microsoft also joined the encrypted DNS bandwagon by enabling encrypted DNS in Windows 10.
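To make concrete what DoH changes on the wire, here is an added example (not code from the post, from Chrome or from Windows) of what a DoH client sends and receives under RFC 8484: the query is an ordinary wire-format DNS message, base64url-encoded into the GET `dns=` parameter, and the answer comes back in the HTTPS body as another wire-format message, so on the network only the TLS connection to the resolver is visible. The resolver URL `https://doh.example/dns-query` is a placeholder and the answer bytes are constructed, so the script runs offline.

```python
"""Encode a DoH query and decode a DoH answer per RFC 8484 (added example).

The resolver URL is a placeholder and the answer bytes are constructed, so
nothing here touches the network. A real client would send the GET request
over TLS and read the answer from the HTTP body, which carries
Content-Type: application/dns-message.
"""
from __future__ import annotations

import base64
import struct

DOH_URL = "https://doh.example/dns-query"   # placeholder, not a real resolver
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = QTYPE_A) -> bytes:
    """One-question DNS message with ID 0 and RD=1. RFC 8484 recommends ID 0
    so identical questions give identical URLs that HTTP caches can reuse."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(name: str, qtype: int = QTYPE_A, url: str = DOH_URL) -> str:
    """GET form: the wire message goes into ?dns= as unpadded base64url."""
    param = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{url}?dns={param.decode('ascii')}"


def decode_dns_param(param: str) -> bytes:
    """Reverse of the ?dns= encoding (restores the stripped padding)."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def decode_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Read a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = offset + 2                  # the name ends after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg: bytes) -> tuple[int, list[tuple[str, int, str]]]:
    """Return (RCODE, [(name, ttl, ipv4)]) for the A records in the answer section."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):                      # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4                               # QTYPE + QCLASS
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return flags & 0x000F, answers


def constructed_response(name: str = "www.example.com") -> bytes:
    """Constructed answer a resolver might return: NOERROR, one A record whose
    owner name is a compression pointer to the question name at offset 12."""
    header = struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = (b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
              + bytes([192, 0, 2, 10]))
    return header + question + answer


if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print(parse_response(constructed_response()))
```

The point for defenders is that the DNS message itself is unchanged; DoH only wraps it in HTTPS. A monitoring design that relied on reading port 53 queries in the clear has to move to the resolver (or an enterprise DoH endpoint) to keep the same visibility.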
To read more, please check eScan Blog