Unfortunately, as cyberthreats have evolved, over 86% of companies that leave DNS unmonitored have not modernized their DNS to help thwart malware before malicious adversaries exploit the glaring hole on the network. This blog looks at the ways threats have evolved to take advantage of legacy DNS, and what organizations should do now to increase their defenses and reduce their attack surface.
Remember when cyberattacks were delivered via faxes from Nigerian princes? Although the objective – separating a business from its money – hasn’t changed much, the methodologies certainly have. In the 80s and 90s, when enterprise networks were beginning to connect to the internet, DNS was simply the phone book that translated domain names to IP addresses. Soon enough, bad actors evolved from phreaking to phishing, dropping telephone scams in favor of the rapidly spreading internet and bombarding users with seemingly innocuous emails whose goal was to harvest network account and password information to gain inside access to applications, data, and ultimately money.
There are several ways DNS can be used in a cyberattack. DNS hijacking is pretty straightforward – a trojan infects a system and alters its DNS settings directly, so all traffic passes through the hijackers’ server, leading to all kinds of compromised credentials and data.
Then there’s DNS cache poisoning, or spoofing, where bad actors replace data stored locally in the DNS cache, so cache lookups return the addresses they want rather than those of the actual domain, leaving unknowing users vulnerable to phishing and other attacks when they believe they are accessing trusted sites. This has always been hard to detect, but the danger increases as attackers utilize new types of malware which are nearly impossible to uncover.
Businesses that rely on consumer ISPs can also face another DNS hijacking threat, as many popular ISPs have used DNS to display advertisements or collect statistics from business customers, which can invite cross-site scripting attacks as well.
Even enterprises that do look through DNS logs in an attempt to uncover bad actors face a new DNS-based challenge: domain generation algorithms (DGAs). DGAs let the bad guys cloak their command and control servers in a sea of short-lived domains that come and go in a flash, with the sole purpose of evading detection while they attack.
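The DGA problem described above is one that DNS query logs can actually surface, because algorithmically generated names tend to be long, high-entropy, vowel-poor strings, and an infected host queries many distinct ones in quick succession. The following is an added example, not BlueCat's code or a product feature: it parses a few constructed BIND-style query-log lines, scores the registrable label of each queried name, and reports clients that resolved several generated-looking names. The log format, the entropy/length/vowel thresholds, and the "label just left of the TLD" rule (no public-suffix list) are all assumptions for illustration; in production the thresholds would be tuned against your own baseline and the scoring would feed a SIEM rule rather than a standalone script.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample lines in BIND query-log style; not real traffic.
# Client 10.0.0.9 is made to look like a DGA-infected host.
SAMPLE_LOG = """\
10-Jun-2024 09:15:01.123 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.2)
10-Jun-2024 09:15:02.456 client 10.0.0.5#51235: query: mail.example.com IN A + (10.0.0.2)
10-Jun-2024 09:15:03.789 client 10.0.0.9#40001: query: xk3jq9vz8wl2mfp4.com IN A + (10.0.0.2)
10-Jun-2024 09:15:04.012 client 10.0.0.9#40002: query: q7zp1ymw5kd0rcj3.net IN A + (10.0.0.2)
10-Jun-2024 09:15:04.500 client 10.0.0.9#40003: query: b2vr8xnq6tlh4gkw.org IN A + (10.0.0.2)
10-Jun-2024 09:15:05.200 client 10.0.0.9#40004: query: m9fh3cz7vpl5sxd1.com IN A + (10.0.0.2)
10-Jun-2024 09:15:06.000 client 10.0.0.7#33000: query: docs.example.net IN A + (10.0.0.2)
10-Jun-2024 09:15:07.000 client 10.0.0.7#33001: query: internationalization.org IN A + (10.0.0.2)
"""

# Assumed log layout: "client <ip>#<port>: query: <qname> IN <type> ..."
QUERY_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score near log2(alphabet)."""
    n = len(s)
    counts = Counter(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def domain_features(qname: str) -> dict:
    """Score the registrable label (assumption: the label just left of the TLD)."""
    labels = qname.rstrip(".").lower().split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / len(label),
        "digit_ratio": digits / len(label),
    }


def looks_generated(qname: str, min_len: int = 12, min_entropy: float = 3.5,
                    max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic DGA check; all three conditions must hold, so long legitimate
    words (low entropy, many vowels) are not flagged on length alone."""
    f = domain_features(qname)
    return (f["length"] >= min_len
            and f["entropy"] >= min_entropy
            and f["vowel_ratio"] <= max_vowel_ratio)


def parse_queries(log_text: str) -> list:
    """Return (client_ip, qname) pairs for every query line that matches the assumed format."""
    pairs = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            pairs.append((m.group("client"), m.group("qname")))
    return pairs


def find_dga_clients(log_text: str, min_distinct: int = 3) -> dict:
    """Map client IP -> sorted list of generated-looking names, keeping only
    clients that queried at least `min_distinct` such names (DGA churn)."""
    hits = defaultdict(set)
    for client, qname in parse_queries(log_text):
        if looks_generated(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {c: sorted(names) for c, names in hits.items() if len(names) >= min_distinct}


if __name__ == "__main__":
    for client, names in find_dga_clients(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} generated-looking names -> {names}")
```

Entropy alone is a weak signal (CDN hostnames and hashed labels score high too), which is why the check also requires a long, vowel-poor label and, at the client level, several distinct hits; a single odd name is noise, a burst of them from one host is worth an analyst's time.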
Many enterprises give little thought to updating their DNS at all. But as DNS-based cyberattacks continue to evolve, last year’s DNS servers may fall far short of defending against today’s attacks. When even ISPs are altering DNS to serve their own purpose, businesses of all sizes must be vigilant in the selection and deployment of enterprise-class DNS that puts safety first.
BlueCat is the Enterprise DNS Company™. The largest global enterprises trust BlueCat to provide the foundation for digital transformation strategies such as cloud migration, virtualization and security. Our innovative Enterprise DNS solutions portfolio, comprised of BlueCat DNS Integrity™ and BlueCat DNS Edge™, enables the centralization and automation of DNS services and the ability to leverage valuable DNS data for significantly increased control, compliance and security. For more information, please visit www.bluecatnetworks.com.