Protect Your Domain Name from a Cyberattack
It was the fall of 2016 when a cyberattack first brought major international focus to how an insecure Domain Name System (DNS) can bring down even the most powerful corporate players. That attack caused blackouts to websites for the BBC, CNN, The New York Times, Twitter, Verizon, Netflix, HBO, Visa and dozens more, whose domains were operated by a single DNS provider. The attack was most likely perpetrated by the groups Anonymous and New World Hackers, who used the malware Mirai to create a botnet consisting of hundreds of thousands of internet-connected infected devices — printers, IP cameras, residential gateways and baby monitors — to generate a distributed denial-of-service (DDoS) attack. In such an attack, incoming traffic from many devices floods the victim, making it impossible to simply block a single source.
This provided a moment of shocking but necessary enlightenment by illustrating how vulnerable DNS was at the time. In a report a few years prior to the attack, Paul Twomey, former CEO of ICANN (which, among its responsibilities, manages IP addresses and the overall domain name system and root servers for billions of network addresses across 240 countries), said, “One thing is clear — every business, every government, every organization that uses the Internet in its day-to-day operations is vulnerable. Simply put, cybersecurity is no longer ‘one for the IT department.’”
How Do Hackers Use a DNS?
DNS is a naming system that points to the actual location of a device: its numerical IP address, managed by ICANN. Hackers can tamper with the cache stored by a company’s network, or by DNS resolvers (which translate a domain name into an IP address) operated by an Internet Service Provider (ISP) or even Google or OpenDNS, to trick the resolver into reporting back the wrong IP address. This sends a user to a bogus address, an email to the wrong destination and so on.
Much of this comes down to DNS server configurations. “DNS servers tend to be forgotten about, and their default configuration is not necessarily secure,” says Chris Brenton, a fellow of the SANS Institute and director of security for a major DNS service provider.
DNS can also be compromised when a hacker alters its records and redirects traffic to their own site. But arguably the easiest way for hackers to abuse DNS is simply to deny service, which is what happened with the October 2016 attack.
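A domain owner can watch for the "wrong IP address" symptom described above by comparing what different resolvers return for the domain against the address ranges its records are supposed to point into. The following is an added example, not part of the original article; the resolver labels, address ranges and sample answers are constructed, and the answers are assumed to have been collected beforehand (for instance with `dig +short`).

```python
import ipaddress

# Assumption: the networks your legitimate records point into (documentation ranges here).
EXPECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:10::/48")]

def classify_answer(answer, expected=EXPECTED_NETWORKS):
    """Return 'ok', 'unexpected' or 'malformed' for one address a resolver returned."""
    try:
        addr = ipaddress.ip_address(answer.strip())
    except ValueError:
        return "malformed"
    # Membership is False when the address and network are different IP versions.
    return "ok" if any(addr in net for net in expected) else "unexpected"

def audit_resolvers(observations, expected=EXPECTED_NETWORKS):
    """Map each resolver label to a list of findings; an empty list means clean."""
    report = {}
    for resolver, answers in observations.items():
        findings = []
        if not answers:
            # An empty answer can indicate denial of service or a removed record.
            findings.append("no answer returned")
        for answer in answers:
            verdict = classify_answer(answer, expected)
            if verdict != "ok":
                findings.append(f"{verdict} address {answer!r}")
        report[resolver] = findings
    return report

def suspicious(report):
    """Resolver labels that need a human look, in stable order."""
    return sorted(name for name, findings in report.items() if findings)

# Constructed sample: answers for one domain as seen through five resolvers.
SAMPLE = {
    "corporate-cache": ["192.0.2.10"],
    "isp": ["192.0.2.10", "2001:db8:10::1"],
    "google": ["192.0.2.10"],
    "opendns": ["203.0.113.66"],  # outside the expected ranges
    "branch-office": [],          # resolver returned nothing
}

if __name__ == "__main__":
    for resolver, findings in audit_resolvers(SAMPLE).items():
        print(f"{resolver:16} {'OK' if not findings else '; '.join(findings)}")
```

A flagged resolver is a lead to investigate, not proof of tampering: a CDN or a recent, legitimate record change also produces answers outside a stale expected list.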
How to Secure Your DNS
Follow these steps to safeguard your DNS against attacks.