When online, users face many threats. While many of these are commonly protected against, one that cybercriminals have favored lately is DNS hijacking.
While relatively unknown to many users, this occurs when a user does a search and the DNS server that connects them to the destination has been compromised.
Rather than landing on the expected page, users can be diverted to other sites, which could be copycats used to gain vital information.
If you have concerns about your online security, you can learn from this guide all you should know about DNS hijacking vulnerabilities and how you can stop them.
What is DNS?
The DNS (Domain Name System) comprises a directory system that links websites to their IP addresses.
We use DNS because humans can’t remember all the numbers that make up these IP addresses for every site or device connected to the internet.
- As you type a site’s name, that name or the URL (Uniform Resource Locator) heads off to the DNS server; this is known as a DNS query.
- In response, the browser receives the site’s IP address.
- Once your browser and device have this IP, you can communicate with it.
What is DNS Hijacking?
DNS hijacking is an attack that intercepts DNS queries and re-directs users to malicious sites. While it is often seen as something only cybercriminals do, others use it too, and in most cases, these are parties we thought we could trust.
Your ISP (Internet Service Provider) can also hijack DNS queries and re-direct subscribers for its own purposes (geo-restrictions or blocked websites can be included here).
DNS hijacking was thought to be a dying trend, yet large corporations such as PayPal, Gmail, and Netflix, among others, are targeted by it.
DNS hijacking works by exploiting how DNS operates, although there are small differences in how these attacks occur.
The full website name we know is the fully qualified domain name (FQDN), and behind the scenes, it is broken into chunks:
- Top-level domain (TLD)
- The host
Each element has a corresponding DNS server that it uses to process DNS requests.
Browsers first ask a DNS resolver for the location of the domain. The resolver then passes the inquiry to the TLD’s DNS server, which asks the DNS server for the website.
DNS hijacking can occur anywhere in this sequence. Most users have their DNS settings configured by their ISP, or in some cases, they may use the ones from Google.
We may not be aware of it, yet such companies can exploit the settings to gather data and direct users to sites from which they will benefit.
However, malicious DNS hijacking involves compromising DNS servers. Attackers add fake IP addresses there, and as a result, they can re-direct users to third-party locations where the cybercriminal tries to glean personal information.
In a regular browsing session, a user has no reason to think about their DNS requests, and because of this, these DNS vulnerabilities and attacks are overlooked and hard to prevent.
Adding to this, once one server has been compromised, the attack can spread rapidly, as each server asks and receives confirmation from another.
Types of DNS Hijacking
Here you can find the five main kinds of DNS vulnerabilities users face most often.
This is the most well-known kind. A hijacker will intercept your DNS request and re-direct it to a third-party server. You can find yourself on copycat websites where you give away your personal login details.
With this, you may find you are facing ‘Pharming’ attacks, which are pop-ups that direct you wherever the attacker wants you to go.
This is another way of redirecting you to spoof sites. However, this method doesn’t directly hijack any DNS requests. Instead, fake DNS entries are inserted into the cache or memory of a DNS resolver. As you head along the path, your connection is re-directed to these locations.
Rogue DNS Servers
A DNS server will be under attack and compromised. Once this happens, its records will be changed, and users will find themselves on phishing sites.
DNS Hijacking Using Router Vulnerabilities
A person needs to gain access to a server where they can alter the DNS settings. Here, the servers can re-direct users to phishing sites.
This is the most popular attack we see on the internet. With this, an attacker will infect your device using Trojans, and from there, they will change the DNS settings of the infected device so that it is directed to malicious DNS servers.
Most often, these are on local networks, and once they infect Wi-Fi routers, they have the chance to obtain personal information and email addresses from high numbers of users.
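The changed DNS settings described above are visible in the device's own resolver configuration. The following check is an added example, not part of the original guide: it reads resolv.conf-style text (a Linux-style configuration is an assumption) and labels each configured DNS server against a list of approved resolvers. The approved list, the sample configuration and all addresses in it are constructed.

```python
import ipaddress

# Assumption: the resolvers this network is meant to use (the home router and
# one approved upstream; 192.0.2.53 is a documentation address, not a real one).
APPROVED = {"192.168.1.1", "192.0.2.53"}
# Address ranges that can only be reached on the local network.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

def configured_nameservers(text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()  # strip comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit(text, approved=APPROVED):
    """Label every configured resolver so unexpected ones stand out."""
    findings = []
    for server in configured_nameservers(text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append((server, "invalid"))
            continue
        if str(addr) in approved:
            label = "approved"
        elif addr.is_loopback:
            label = "local-stub"  # a local caching stub; check its upstream too
        elif any(addr in net for net in LAN_NETS):
            label = "unapproved-internal"
        else:
            label = "unexpected-external"
        findings.append((server, label))
    return findings

def needs_review(findings):
    """Resolvers that are neither approved nor a local stub."""
    return [s for s, label in findings if label not in ("approved", "local-stub")]

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
nameserver 192.168.1.1
nameserver 203.0.113.66   # documentation address standing in for a changed entry
nameserver fe80::1%eth0
nameserver 127.0.0.53
"""
```

An entry reported by `needs_review(audit(SAMPLE))` is not proof of hijacking, only a DNS server nobody approved; the same comparison applies to the DNS servers listed in the router's admin page.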
How You Can Stop DNS Hijacking
If you want to beef up your DNS security, the means to do so are very similar to protecting against other attacks.
Here are the fundamental things you need to make sure you do as a matter of course.
- Only use up-to-date security software, in particular any antivirus or anti-malware protection software.
- Never click on a suspect link that comes in your email or through your social media.
How to Protect Your Router
Change the default admin and router password
- A router has two sets of login details. One set is for access, and the second is for accessing the router itself, where you can change settings.
- Hackers can change DNS settings if they obtain this admin login and password. What makes it worse is that there are limited numbers of default admin logins and passwords, so a hacker only needs network access.
- Network login screens are accessed by entering 192.168.0.1 or 192.168.1.1 into a browser that sits on a network.
Update router firmware
Not every router will have updates, yet if you have a newer model, make sure to update the firmware to fix the most recent security vulnerabilities.
Never use public Wi-Fi to send personal information
The local coffee shop can be handy for doing some online shopping or checking your bank account. However, it is easy for attackers to take over public Wi-Fi routers and grab as much information as they want.
Check site URLs
If you are visiting a new site, or there is a link in your email, check that the links are for the sites you expect to visit and don’t have strange names in the URL.
Phishing sites, on most occasions, don’t have valid SSL (secure sockets layer) certificates. Newer browsers show this in the address bar.
Following the above will put you in good stead to stop a lot of threats. However, new variations on these appear all the time. One of the main reasons is that there is little encryption at these stages, and the skills of attackers keep increasing.
Using a VPN to Prevent DNS Hijacks
Before seeing how to fix DNS issues, you can carry out a DNS hijacking test at the following site: https://routersecurity.org
There, you will find multiple links to sites where you can check that DNS requests from your router are going where they should.
Using a VPN is the best way to secure yourself against DNS attacks sending you to fake websites. VPNs do this in a few ways.
Premium VPN providers use a private DNS service on each of their servers to cut out DNS hijacking. Once you are on the internet, your DNS (Domain Name System) requests are completed by your VPN rather than vulnerable DNS servers.
Besides this, as soon as you sign up for a VPN, all the domain name system requests to the DNS server will be encrypted with military-grade encryption, in the same way as all other data that passes through the encrypted tunnels.
Finally, because the IP addresses are changed, any attacker will see the IP of the server you are connected to rather than your real IP. Thus, your router DNS security is enhanced, as it will be invisible to anyone else.
If there is a downside, it is that not all VPNs are equal, and some do have DNS or IP leaks, which can be enough to let an attacker in to carry out their DNS hijacking.
However, select the right VPN for the task, and you will have the very best internet experience while preventing any DNS hijacking from your malware-free device and your router.