Homing In On DNS Exploits to Secure Your System

Discover how working with STS as your trusted IT services team can keep your network free of DNS exploits.

Adam Rippon

Homing In On DNS Exploits to Secure Your System

DNS (The Domain Name System) is the internet’s version of a phone book. Such protocols are essential to how you navigate through the internet. They translate cryptic computer hostnames into easy to read IP addresses.

It’s a core service that implements various solutions for DNS servers. Windows DNS Server is the most commonly used solution since Windows Domain environment supports a majority of networking systems out there.

However, DNS services are vulnerable to malicious attacks. There has been a steady rise in the use of DNS exploits to gain a back door into the core systems of companies around the world. Even massive tech firms such as Google, news outlets, and banks have fallen prey to DNS server attacks.

The situation is so dire that PM Morrison has urged for extra vigilance in how we protect our systems from such attacks.

Here are a few things about DNS exploits that will help you secure your systems and data from malicious attacks:

DNS Exploits

How Does a DNS Exploit work?

DNS exploits are vulnerabilities that trigger malicious responses in DNS servers. Once such a response is initiated, the server responds by elevating access privileges. If an attacker knows their craft, such an attack can gain them privileged Domain administer rights.

This effectively locks you out of your server and compromises your entire system infrastructure. According to the Global DNS Threat Report 2019, there has been a 34% rise in DNS exploit.

Here are some of the common DNS-based security threat ranked by percentage:

  1. Anomalies in sever Protocols – 48%
  2. DNS tunneling – 40%
  3. Botnets based attacks – 35%
  4. Amplification and reflection traffic – 17%
  5. DDoS (Distributed Denial of service) attacks – 14%
  6. Ransomware – 13%

As you can see, DNS exploits use simple means. But, they are capable of crippling your enterprise operations.

How Do Hackers Use DNS Exploits?

DDoS attacks are rampant in Australia. The ACSC (Australian Signals Directorate’s Australian Cyber Security Centre) has even issued security directives in an ongoing campaign. Following such advisories and exercising a measure of caution will keep your system safe.

However, DDoS attacks are not the only ways hackers us DNS exploits. So, know a few more of their tricks is the best way to protect your system.

Here are 3 common DNS exploit attacks that hackers use to gain access to systems

DDoS Attacks on DNS

Various systems are vulnerable to such attacks, including DNS servers. They can cause crashes that lockout millions of users from your website. However, in some cases, they can still use your website if DNS records were secured in a local cache.

Fortunately, you can mitigate the risk of DNS server attacks by configuring your system to rely on various DNS servers. Google’s free Public DNS servers come highly recommended as a suitable countermeasure.

DNS Cache Poisoning

Such attacks route your website visitors to a different website. They may be unaware of such attacks because they entered the right domain name. Hackers then use Phishing techniques to scam users of their personal details, passwords, and credit card information.

Hackers use the following means to achieve such goals:

Trickle-down DNS caching: whenever you search the web, your history is saved as DNS cache. This helps cut down on the time DNS serves need to load and respond to user queries. This approach trickles down to every web user. Hackers can then use such records to route your web traffic.

Poisoned DNS caches: this occurs when the cached data on a router is compromised. In such a situation, your users can be routed to fake websites. This false cache then trickles down to more user machines. This makes it infect more systems and could have disastrous consequences, especially when combined with a DDoS attack.

DNS Amplification

Such attacks exploit the open nature of DNS services to force them to distribute DDoS attacks. They are common and have been used to attack popular websites such as BBC and Sony. Here are some of the method hackers employ for such attacks:

Amplify and crank up: in such cases, attackers use a botnet (a network of computers infected by malware) to send a large amount of traffic to a target site. They can slow down a compromised system by sending more requests to other servers. These systems, in turn, send even more traffic to the target. The aim here is to overwhelm the DNS server until it crashes.

How Do You Stop Common DNS Exploit Attacks?

DNS attacks exploit the basic chinks in your DNS server and its open nature. Therefore there isn’t a simple solution that will help. But, here are a few measures you can take to mitigate the damage and thwart common DNS exploit attacks:

Protecting Your Cache Resolver

A private resolver is a secure one. You can ensure it remains that way by restricting it’s access to users within your network. This effectively blocks hackers from poisoning it from outside your organisation. You can use Measurement factory to check external users have access to your resolver.

Using Sconfigured Firewalls

Most countermeasures fail to recognise DNS exploits that flood systems on your network with queries. You can configure UTM firewalls to sift out and eliminate DDoS attacks. This effectively limits artificial packets of data disseminated by a botnet.

Zero Trust Authentication

DNS account details can be socially hacked or phished. Your server can remain safe if you have a two-factor authentication measure to your login procedure. Such a feature sends a one-time password to a phone or comes with a security dongle.

DNSSEC

is a technology that allows you to affix a digital signature to your DNS information. Such a measure effectively blocks hackers from accessing your server or forging login credentials.

Insisting on IP Dependant Logins

This is an extreme measure, but it’s effective against both internal and external DNS exploits. With such a contingency, you get to specify a range of IP addresses that can access your site. It’s not highly recommended since it locks out the traffic outside your range.

In Summation

DNS exploit are opportunistic attacks that prey on the trustful nature of DNS services. This makes them hard to spot. The ASCS recommends that all organisations should prepare for attacks in advance. That’s usually easier said than done. The best way to deal with the situation is to learn as much as possible. In this sense, you’ll develop a proactive approach that will keep your systems safe from malicious DNS exploits.

Click here to get started or call us at (02) 8212 4722.