6 Types of DNS Attacks: A Comprehensive Look At Secure DNS

Recently on the blog, we’ve talked a lot about DNS encryption and how DoH impacts end users. But there is more to DNS security than just encrypting DNS requests and responses. It’s probably safe to say that as a DNS filtering company, we have a lot of thoughts about the umbrella term “DNS security.”

There are many different types of DNS attacks on the internet, but in this article we will cover the most common ones that victims fall for. But first, let's go over what DNS security is and why having secure DNS is so important.

What is DNS security?

It’s actually pretty simple, though fairly broad. When we talk about secure DNS, we’re talking about adding security at the DNS layer to protect end users from malicious site content, malware, phishing attacks, and other DNS-level attacks. For a brief overview of DNS, you can check out our blog on DNS filtering.

The end goal of DNS security is to mitigate possible threats at the DNS level—and this includes insider threats!

Why secure DNS needs to be a priority

It’s safe to assume that everyone at your company logs into a computer at some point in their working day. And a large majority of those people are accessing the internet. Since internet usage across all industries is so ubiquitous, protecting employees at the DNS level is imperative.

The moment an employee encounters a malicious URL without proper DNS security in place, it puts your business at tremendous risk. That employee may have highly confidential information that the hacker wants to access, or it can release malware onto that computer that could then spread to the entire network. Just navigating to the wrong website could result in all of your systems being taken offline for an unknown amount of time.

So how do these attacks even occur to begin with?

Common DNS attacks

Technically, almost any online attack could be considered a DNS attack since it needs to use DNS to spread.

What follows is by no means a complete list of all DNS attacks that can occur, but these are the attacks that people fall victim to most often.

Phishing

Phishing attacks are a favorite among hackers. This is because they’re relatively easy to implement compared to other attacks. These attacks can be implemented via a website or an email in an attempt to lure victims to take the bait.

Attacks that target a certain company or group of people are known as “spear phishing” attacks. It’s easy to be conned by these attacks when the hacker is a skilled manipulator and does their research on you and your company. But even the attacks that aren’t that well crafted have a high likelihood of working if the victim isn’t paying close attention.

The unprecedented takeover of multiple celebrity Twitter accounts in July was a result of a spear phishing campaign that targeted Twitter employees with account control access.

Malware

I’ll keep this short since malware is a very broad term and we cover a type of malware attack below. The term malware is actually an abbreviated form of “malicious software.” It can be spread through forced downloads, phishing schemes, or malicious ad content.

You’ve probably noticed that phishing attacks and malware attacks are sometimes interconnected. Phishing refers to the way an attack is deployed and malware refers to the actual malicious software that winds up on a victim’s computer. So, a phishing attack is not always a malware attack, though it can be. And vice versa.

Ransomware

Ransomware is the most common form of malware attack. The malware a user downloads (or is forced to download) allows hackers to encrypt user files (or entire computers, networks, etc.) and then demand that a ransom be paid.

In July, the GPS navigation company Garmin had a multi-day outage as the result of a ransomware attack. The hackers encrypted parts of their network which blocked users from being able to use Garmin devices.

DDoS attacks

A DDoS attack occurs when an attacker targets a network or server in an attempt to overwhelm the system with a large amount of internet traffic. A DDoS attack is an interesting hybrid of malware and botnet attacks.

Computers or devices are infected by malware, which turns them into “bots,” with the hacker gaining control over said bots. These bots then send requests to the targeted server, aiming to overwhelm its systems and create a “denial of service” error. That’s a very high-level look at DDoS attacks. Under the umbrella of DDoS attacks, there are many types of attacks.

In February 2020, AWS mitigated a DDoS attack that was 2.3 Tbps in size (the largest DDoS attack ever, nearly doubling the previous record).

Man-in-the-middle attacks

This is when a malicious actor intercepts a communication between two parties. Most commonly we see this when a user is temporarily redirected to a fake login page that will collect personal information or login credentials. Think of it as an advanced form of a phishing attack. It’s incredibly technical and the hacker needs to have strong coding abilities, so it doesn’t rely on their ability to manipulate. Instead, it completely hinges on their ability to camouflage themselves.

These types of attacks are where DNS encryption is essential.

Domain hijacking

Sometimes also called “domain theft”, hijacking is when a domain name is stolen from the holder of the registered domain. The true owner of the domain is completely locked out. One method of hijacking involves attackers taking control of the domain owner’s DNS records. And note that we’re not just talking about a WordPress-hosted website here. We’re talking about complete ownership of a domain. This means they gain control over directing website visitors and can direct all incoming and outgoing emails.

The hijacker might continue to run the website as-is in order to gain information about the website’s users (and in turn steal from them), turn the hacked website into a way to deploy malware, or simply sell the hijacked domain through secondary markets.

In one famous case, former basketball player Mark Madsen purchased a domain from eBay for more than $100,000. The domain purchased was actually a hijacked domain.

Note that this is the one attack listed here where DNS filtering can’t help you completely (except in cases where domain hijacking is attempted via phishing schemes). I recommend you lock down the logins for your registered domain (such as your GoDaddy account), add 2FA, and use strong passwords.
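Because the hijacking method described above works by changing the domain's DNS records, it is visible as drift between a known-good copy of those records and what is published later. The following Python code is an added example, not part of the original article or of any DNSFilter product; it compares two record snapshots and labels each change by the traffic it redirects. The domain, name servers, addresses and the `parse_records` and `find_drift` helpers are all constructed for illustration.

```python
# Added example: compare a known-good DNS record baseline with a later snapshot.
# All names and addresses are constructed. IMPACT maps record type to traffic steered.
IMPACT = {"NS": "delegation for the whole domain", "MX": "email delivery",
          **dict.fromkeys(("A", "AAAA", "CNAME"), "website visitors")}

def parse_records(text):
    """Parse 'name [ttl] [IN] type value' lines into {(name, type): {values}}."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()    # drop zone-file comments
        if not fields:
            continue
        name, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                       # skip optional TTL and class
        if len(rest) < 2:
            continue                              # malformed line, ignore
        value = " ".join(rest[1:]).lower().rstrip(".")
        key = (name.lower().rstrip("."), rest[0].upper())
        records.setdefault(key, set()).add(value)
    return records

def find_drift(baseline, observed):
    """Return (name, type, impact, removed, added) for every changed record set."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        old, new = baseline.get(key, set()), observed.get(key, set())
        if old != new:                            # TTL-only changes never reach here
            findings.append((key[0], key[1], IMPACT.get(key[1], "other"),
                             sorted(old - new), sorted(new - old)))
    return findings

BASELINE = """
example.com. 3600 IN NS ns1.registrar.example.
example.com. 3600 IN NS ns2.registrar.example.
example.com. 300  IN A  192.0.2.10
example.com. 300  IN MX 10 mail.example.com.
"""
OBSERVED = """
example.com. 3600 IN NS NS1.registrar.example.  ; unchanged, only case differs
example.com. 3600 IN NS ns2.registrar.example.
example.com. 60   IN A  203.0.113.66            ; web traffic now goes elsewhere
example.com. 60   IN MX 5 mx.unknown.example.   ; mail now goes elsewhere
"""

if __name__ == "__main__":
    drift = find_drift(parse_records(BASELINE), parse_records(OBSERVED))
    for name, rtype, impact, removed, added in drift:
        print(f"ALERT {name} {rtype} ({impact}): {removed} -> {added}")
```

In practice the observed snapshot would come from periodic lookups against the domain's authoritative servers, and any finding on NS or MX records should be checked against a planned change before it is dismissed.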

What actions you can take

To avoid placing your company at risk of DNS level attacks, you need to implement DNS filtering with DNS encryption enabled. When looking for a DNS security solution you should also prioritize network redundancy and the ability to log DNS activity and report on it.

But it doesn’t start and stop with your DNS filtering provider. Use a role-based access approach, meaning only the people who need access to any given system get access to it. Change your passwords frequently and make 2FA mandatory when applications have the option for it. Finally, work toward comprehensive cybersecurity awareness training within your organization.

When everyone is more familiar with types of attacks they might encounter and how they can protect themselves, your company is safer.
