Has DNS attack increased over the years?

Our life has become surrounded by the ease internet has offered, starting from banking, shopping, travelling and even communicating. Hence, with the increase in usage of internet, cyber security has become a primary concern to safeguard against cyber-attacks. DNS attack is one such cyber-attack that has become quite common. DNS as broadly known as domain name system can encounter an appalling fate in the hands of DNS attack due to lack of security.

How DNS server operates?

Companies such as Google, The New York Times have all fallen victim to cyber-attacks. Now, in order to prevent cyber-attacks from happening, it is first of all important to understand what they are and how they work. It is a common observation that, DNS attack happens only when the DNS server is vulnerable. Now, DNS is a protocol whose major function is to convert a user-friendly domain into an IP address. When a domain name is browsed, the DNS program available in the operating system also known as DNS resolver, recovers the IP address of that domain name. Once the DNS resolver locates the IP address, it adds to the DNS cache for future usage.

DNS attacks happen, through replacing authorized IP address of a website with the hacked one. This way, when any user tries to access the IP address, gets redirected to the hacked address damaging the system. Since, there is no default configuration for a DNS server hence, it causes damage beyond repairable limits.

Fighting DNS attack

Recently DNS attacks have increased corrupting popular websites such as, Reddit, Spotify and Twitter. This requires educating resources about the attack and the potential threats that can be avoided in order to prevent the attack.

Some companies try to minimize the possibility of cyber attack by upgrading the DNS software regularly while ensuring duplication of servers to avoid any dysfunctions triggered by DNS attack. Organizations also encourage users to flush DNS cache to reduce security concern.

Types of DNS attack

• Zero-day attack – where the hacker targets the vulnerable section of DNS server.
• Fast Flux DNS – hackers swap DNS record with speed to avoid detection.
• DDoS attack – it stands for distributed denial of service attack. This is common when multiple systems are targeted. A DDoS attack ensures that the whole DNS server crashes. Hence, this means huge security concern. Such attack can be reduced with the help of technologies like IPFIX, NetFlow, etc.
• DNS spoofing – also known as DNS cache poisoning where the attacker replaces the authorized IP address to redirect traffic to an IP address which can help to steal crucial information.

Preventive measures for a secured DNS server

Attackers mostly use DNS spoofing to steal information because it is difficult to detect it. Hence, regular clearing of DNS cache can give some amount of protection against the attack. Recently, UK’s National Cyber Security Centre highlighted about an increased number of DNS attacks and the subsequent costs associated with it also, pointing towards a need for robust security implementations. Tools like BGPmon and Umbrella Investigate can help to monitor DNS server in order to identify changes. This way an initial level of protection can be ensured.

– Kathakali Basu
Content Writer
Infoholic Research