DNS hijacking attacks have occurred frequently of late. Following many recent news reports about attacks that make changes to the Domain Name System (DNS), the UK’s National Cyber Security Center (NCSC) has provided mitigation measures to help organizations and individuals guard against such threats.
The Domain Name System (DNS) is a distributed database that maps domain names and IP addresses to each other, making it easier for people to access the Internet. For users, DNS hijacking mainly means phishing and traffic interception; for organizations, it may lead to loss of control over a domain name.
Avast telemetry data showed that between February and June, at least 180,000 routers in Brazil were compromised and had their DNS settings changed. By the end of March, Avast anti-virus software had blocked more than 4.6 million cross-site request forgery (CSRF) attempts that would have changed the DNS settings on routers.
Last week, Cisco Talos reported that Sea Turtle, a hacker group that uses DNS hijacking for cyber espionage, has become active again. During at least two years of activity, Sea Turtle primarily targeted organizations in the Middle East and North Africa, destroying DNS services used by telecommunications companies, IT companies, and domain name registrars.
The UK NCSC issued a document on Friday outlining the risks posed by DNS hijacking and offering advice to organizations and individuals.
Domain name registration accounts are high-value targets, and hackers can take them over through common techniques such as credential stuffing and phishing. NCSC therefore recommends that users choose unique, strong passwords, guard against phishing, and enable multi-factor authentication. Regularly checking the details associated with the account and keeping them up to date is a good way to prevent the account from being taken over. Restricting access to the account, along with the additional protection of a Registrar Lock service, also reduces the risk of an intruder gaining control of it.
For organizations running DNS infrastructure, NCSC recommends implementing access and change control systems that provide backup and restore capabilities for DNS records and enforce strict access to computers that manage DNS services. NCSC also recommends the use of SSL Monitoring and DNS Security Extensions (DNSSEC). SSL monitoring helps to keep an eye on the SSL certificate of the company’s domain name. DNSSEC ensures that the DNS records on the server are encrypted.
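One way to put the change-control advice for DNS records into practice is to compare what resolvers currently return against an approved baseline. The sketch below is an added example, not taken from the NCSC document; the zone, name servers, address ranges, and severity labels are all constructed assumptions.

```python
import ipaddress

# Constructed baseline: approved records for a hypothetical zone.
BASELINE = {
    ("example.com.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.com.", "MX"): {"10 mail.example.com."},
    ("www.example.com.", "A"): {"203.0.113.10"},
    ("mail.example.com.", "A"): {"203.0.113.25"},
}
# Constructed: address ranges the organization actually hosts in.
APPROVED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Constructed snapshot in "name ttl class type rdata" form (as dig prints answers).
OBSERVED_TEXT = """\
; constructed sample, not real query output
example.com.      3600 IN NS ns1.example-dns.net.
example.com.      3600 IN NS ns1.unapproved-host.test.
example.com.      3600 IN MX 10 mail.example.com.
www.example.com.  60   IN A  198.51.100.77
mail.example.com. 300  IN A  203.0.113.25
"""

def parse_snapshot(text):
    """Parse record lines into {(name, type): {rdata, ...}}, skipping ';' comments."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records.setdefault((name.lower(), rtype.upper()), set()).add(rdata.strip())
    return records

def outside_approved(ip):
    """True if an address is in none of the approved hosting ranges."""
    return not any(ipaddress.ip_address(ip) in net for net in APPROVED_NETS)

def audit(baseline, observed):
    """Return (severity, name, type, added, removed) for every record set that drifted."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want, got = baseline.get(key, set()), observed.get(key, set())
        if want == got:
            continue
        added, removed = sorted(got - want), sorted(want - got)
        # Assumed policy: delegation/mail changes and unknown hosting are "high".
        high = key[1] in ("NS", "MX") or (key[1] == "A" and any(map(outside_approved, added)))
        findings.append(("high" if high else "medium", key[0], key[1], added, removed))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, parse_snapshot(OBSERVED_TEXT)):
        print(finding)
```

The same baseline doubles as the restore source: the `removed` values in each finding are what the record set should be put back to.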
For individual users, keeping devices updated with the latest firmware, checking that websites have valid certificates, and verifying DNS settings are good ways to reduce the threat of DNS hijacking. Some network-level security solutions available to consumers also prevent hackers from exploiting vulnerabilities to modify DNS settings.