DNS (Domain Name System) is a system that is used to translate website names (human friendly) into associated IP addresses (machine friendly) and vice versa. DNS is not only limited to translating website names, but it is a hierarchal and decentralized system that is used to identify the computers, services, and other resources reachable on the internet.
While the use of DNS is normal and mandatory for every internet user, adversaries always have their greedy and malicious eyes to exploit the vulnerabilities of DNS.
According to IDC 2021 Global DNS Threat Report, 91% of financial organizations have faced at least one DNS Security attack. In terms of money, every attack costs approximately $1.1 Million to the financial sector.
CTO of EfficientIP has also stated last year; “This year’s 2021 DNS Security Survey confirms that nearly all companies have had their apps and services disrupted by DNS attacks.”
These figures are increasing alarmingly due to the COVID-19 pandemic and home-based jobs. IDC 2021 report also stated that 49% of attacks were DNS Phishing attacks, 38% were DNS-based malware, 27% were DNS hijacking attacks, and so on in the list.
DNS attacks have the potential to disrupt the whole service or network of a company and cause them reputation damage, financial loss, or an increase of unsatisfied customers. Specifically, SMBs are prime targets for threat actors because they know that SMB’s have limited budgets and they cannot spend a healthy amount to install a sophisticated cyber security system.
Therefore, DNS security attacks on SMB’s are the prime activity of cybercriminals. But you do not have to worry about DNS security attack risks if you start taking precautions right now. Below are some most common DNS attacks and some prevention techniques to protect your network against DNS attacks.
Top 5 DNS security attack risks
1. Cache poisoning
DNS Cache Poisoning is the act of modifying the DNS cache in the wrong way so that all DNS requests return an incorrect response and direct the user to some fraudulent website instead of the user’s actual desired website. The most recent example of this attack can be seen here. DNS Spoofing and DNS Redirect also involve cache poisoning and DNS Hijacking is the umbrella term for all of them.
2. DNS Based Malware
DNS can be used to deliver malware into your system. Just like the malware “WannaCry,” which exploited the DNS. To turn itself on and off, WannaCry checks if a particular domain is registered or not. Malware can abuse the DNS and use their attributes to launch attacks and ransomware into the network.
3. DNS Flooding (TCP and UDP flooding)
DNS act as a phonebook of the internet. DNS flooding is a type of DDOS (Distributed Denial of Service) attack where cyber criminals perform TCP of UDP packet flooding to the target domain’s DNS server to disrupt its services for legitimate users. NXDOMAIN attack and Phantom Domain attack is the type of DNS Flooding Attack.
4. DNS Rebinding
This attack can be launched by running JavaScript on a malicious web page to gain control of the user router by abusing the same-origin policy. DNS rebinding attack requires running a JavaScript in the victim browser to control their router.
5. DNS Tunnelling attack
Encoding the data of another program, most malware, into the queries and responses of DNS is known as DNS tunnelling. As DNS traffic is allowed to move from the security system, malicious actors use this advantage to install a tunnelling program on the target computer and launch the DNS Tunnelling Attack.
How to avoid DNS security risks
-
Use a Dedicated DNS server
One of the best ways to avoid DNS attack risks is to use a dedicated DNS server. A complete separate isolated server which only handles DNS queries. It will reduce the chance of getting hit by other cyberattacks and lateral movements of threat actors in case of cyber-attacks. You will also get more optimized performance as well. You should close all unnecessary ports, halt unwanted OS services, and allow only mandatory basic services in your DNS to significantly reduce the change of cyber-attack.
No one can deny the benefits of using a security system. Using a dedicated DNS Firewall can effectively secure your network from DNS attacks. DNS security system can prevent infections and secure your server from malware activities, deliver threat reporting, provide you with more filtering policies, and may more safety features.
-
Configure DNS security features
There are plenty of security features in DNS when configured wisely, which can help to reduce the change of cyber-attack. Restrict Zone Transfers and hide Bind version to protect your zone and DNS version information. Disable DNS recursion to prevent DNS poisoning attacks.
-
Maintaining DNS server (Updating, auditing)
Adversaries are interested to exploit the vulnerability of old software, so keep your DNS updated all the time and apply security patches as soon as they are available. Also, make the habit of auditing your DNS server in terms of all running Zones, DNS public records, IPs, and other records. Auditing will refresh your memory about how many domains and subdomains you are running what is their status in DNS.
-
Use DDoS mitigation service
Using a DDoS mitigation service to mitigate DNS attacks will be a smart move. Although, it can increase cost prevention is cheaper than cure. It will be in your great favor to use any reputed DNS DDoS mitigation provider like Cloudflare & Redware Defence.
Conclusion
Keeping your DNS server secure from threat actors is mandatory for companies to deliver satisfactory services to their customers and end-users. As we have seen in the past, cybercriminals did not spare any vulnerable DNS server, so companies must have to prioritize their cyber defines against DNS attacks. There are multiple ways that do not impose any extra cost but only require suitable configurations to prevent DNS attacks.