DNS is a key component of the online infrastructure that enables users to view content by fostering a link between a website and its IP address through its database. For hackers, it provides the opportunity to disrupt or manipulate this service through techniques such as altering records at domain registrars (also called DNS hijacking), launching DDoS attacks, cache poisoning, and DNS tunneling, among others.
Here’s what happened recently
- Coincheck, a Japanese cryptocurrency exchange, suffered a DNS hijacking incident that exposed the emails and personal information of around 200 customers. The hackers modified the primary DNS entry through the account at the company's domain registrar provider — Onamae.com. Then, the hackers attempted spear-phishing techniques to obtain the account credentials of the customers.
- Last month, a team of academics from Israel reported an NXNS vulnerability in DNS servers that could be abused to launch DDoS attacks of massive proportions. Meanwhile, Microsoft has released a security advisory to mitigate this vulnerability. According to experts, the flaw could be abused to amplify a single DNS request into a DDoS attack against authoritative DNS servers.
However, fixing DNS security flaws is only one part of the broader picture. There are other threats hovering around DNS and one of them is often less discussed.
The unattended DNS concern
One of the growing problems that experts are currently looking at is the exploitation of abandoned domains by hackers, especially in the event of mergers, partnerships, dissolved firms, etc. Sure, rebranding requires changes in the domain names, but letting the old domains expire poses a greater threat to firms.
- By simply re-registering old domains and setting up an email server, hackers can start receiving hoards of confidential information including bank correspondence, invoices, and other updates.
- An abandoned domain for an online shop can be resurrected to take new orders and payments by posing as a fully functioning service. Further, a CRM system can divulge the customer list to the adversaries via an email-based password reset query.
- Early this year, spammers hijacked Microsoft subdomains to advertise poker casinos. There are thousands of such subdomains belonging to Microsoft.
Managing DNS entries is typically an IT job, and only a little editing in the DNS configuration can save you from all the embarrassment. Besides, more can be done to secure DNS.
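As an added illustration (not part of the original article), the kind of review described above can be automated by cross-checking a zone export against the inventory of domains the organisation still has registered. The domain names, dates and the `owning_domain`/`audit` helpers below are constructed for this example.

```python
from datetime import date

# Constructed sample data (not from the article): registered domains and expiry dates.
REGISTERED = {
    "example.com": date(2030, 1, 1),
    "oldbrand.example": date(2024, 7, 1),  # pre-merger brand left to lapse
}
# Constructed zone export: (owner name, record type, target)
RECORDS = [
    ("example.com", "MX", "mail.example.com"),
    ("billing.example.com", "CNAME", "pay.oldbrand.example"),
    ("oldbrand.example", "MX", "mx.oldbrand.example"),
    ("promo.example.com", "CNAME", "campaign.gone-vendor.example"),
]

def owning_domain(name, registered):
    """Return the registered domain that `name` falls under, or None."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in registered:
            return candidate
    return None

def audit(records, registered, today, warn_days=90):
    """Flag records that depend on expired, expiring or unknown domains."""
    findings = []
    for owner, rtype, target in records:
        seen = set()
        for name in (owner, target):
            dom = owning_domain(name, registered)
            key = dom or name.lower()
            if key in seen:
                continue
            seen.add(key)
            if dom is None:
                # Could be a legitimate third party; needs a manual check.
                findings.append((owner, rtype, key, "not-in-inventory"))
                continue
            days_left = (registered[dom] - today).days
            if days_left < 0:
                findings.append((owner, rtype, dom, "expired"))
            elif days_left <= warn_days:
                findings.append((owner, rtype, dom, "expiring"))
    return findings

if __name__ == "__main__":
    for finding in audit(RECORDS, REGISTERED, today=date(2024, 6, 1)):
        print(finding)
```

Each finding names a record that should be repointed or removed, or a domain that should be renewed, before the registration lapses.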
Encrypting DNS is the new priority
Among the new methods to secure DNS traffic, DNS over HTTPS (DoH) is the latest technology that is being adopted by many software vendors.
- The Chrome browser for Windows, macOS, and Chromebooks recently introduced a DoH option with its Chrome 83 launch that will work for those whose DNS service can handle the encrypted connection.
- Last week, the Cybersecurity and Infrastructure Security Agency (CISA) announced a new DNS resolver service that will include encrypted DNS resolution over TLS and HTTPS connections for different Internet Protocol versions.
- In mid-May, Microsoft also joined the encrypted DNS club by enabling DoH in Windows 10.