Top DNS Threats and How to Deal with Them


DDoS Attacks Using DNS Amplification

Cyber criminals are able to launch distributed denial of service (DDoS) attacks through DNS amplification. DDoS attacks were the most common attack reported by organizations surveyed by Vanson Bourne, with 74 percent saying they've experienced such an attack. Typically, cyber criminals will set up a malicious domain with very large resource records, with the goal of executing a DNS amplification attack. Once the malicious domain is created, queries for it are sent to open DNS resolvers with the source IP spoofed to the address of the targeted servers, so the resolvers send their responses to the target, causing a DDoS attack. The volume of response traffic overwhelms the target, disrupting normal communication. Such attacks can result in costly downtime and negatively impact critical functions.

Network operators should take steps to prevent traffic from leaving their network with source IPs that are not local to that network. If a network operator's own resolvers are configured to perform recursive lookups, they should restrict access to the resolvers to requests coming only from their local network and have the ability to identify floods or requests related to DNS amplification.
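One way to implement the "identify floods" check on a recursive resolver, shown as an added example that is not from the original slideshow. The log format, the local address ranges and the thresholds are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions: local ranges allowed to use the resolver, and alert thresholds.
LOCAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
WINDOW_S = 10      # bucket width in seconds
MAX_QUERIES = 20   # per-client query ceiling per window
MAX_RATIO = 10.0   # ceiling for response bytes / query bytes

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def parse(line):
    # Constructed format: "<epoch> <client_ip> <qname> <qtype> <query_bytes> <response_bytes>"
    ts, ip, qname, qtype, qlen, rlen = line.split()
    return int(ts), ip, qname, qtype, int(qlen), int(rlen)

def analyze(lines):
    """Return (non_local_clients, flood_alerts) for a batch of resolver log lines."""
    non_local = set()
    buckets = defaultdict(lambda: [0, 0, 0])  # (ip, window) -> [queries, bytes_in, bytes_out]
    for line in lines:
        ts, ip, _qname, _qtype, qlen, rlen = parse(line)
        if not is_local(ip):
            non_local.add(ip)  # recursion should be refused for these sources
        b = buckets[(ip, ts // WINDOW_S)]
        b[0] += 1
        b[1] += qlen
        b[2] += rlen
    alerts = []
    for (ip, window), (count, bytes_in, bytes_out) in sorted(buckets.items()):
        ratio = bytes_out / max(bytes_in, 1)
        if count > MAX_QUERIES and ratio > MAX_RATIO:
            # With spoofed queries, "client" is most likely the victim's address.
            alerts.append({"client": ip, "window_start": window * WINDOW_S,
                           "queries": count, "ratio": round(ratio, 1)})
    return sorted(non_local), alerts

# Constructed sample: 40 small queries with large answers from one outside
# address within 10 seconds, plus ordinary lookups from a local client.
SAMPLE = (
    [f"{1000 + i % 10} 203.0.113.7 big.example. ANY 64 3200" for i in range(40)]
    + [f"{1000 + i} 10.1.2.3 www.example. A 60 92" for i in range(5)]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The first returned list covers the access-restriction advice (sources that should never have been answered recursively), and the second covers flood identification.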

The domain name system (DNS) is a critical component of the Internet, translating domain names such as www.itbusinessedge.com into Internet protocol (IP) addresses. However, since most standard security measures do not block DNS traffic, cyber criminals are able to infiltrate networks and gain access to proprietary data. In addition to launching attacks, cyber criminals can also exploit an organization's DNS infrastructure to cause outages.

In a survey conducted by Vanson Bourne, 66 percent of U.S. respondents reported that their organization suffered a DNS attack within the last 12 months. Even more troubling, respondents indicated that the attack resulted in loss of Internet service (63 percent), an increase in customer complaints (42 percent) and the loss of confidential customer information (33 percent).

Over the past year, some of the world's most highly trafficked media and social networking sites have been disrupted by DNS attacks, with hackers seizing control of their websites by changing information in the organizations' DNS databases. Recently, websites for both Lenovo and Google were victims of "domain hijacking." During the attack, visitors to Google's Vietnamese site were redirected to another site. Visitors to Lenovo's site were maliciously redirected to a defaced site controlled by the well-known hacker group Lizard Squad.

In this slideshow, Cloudmark CTO Neil Cook shares five of the top DNS threats, their potential impact on organizations, and best practices for identifying and preventing such attacks.

 
