No single DNS server holds all the IP addresses and corresponding domains in the world wide web. In order for us to access any website, it is necessary to have a DNS query translate our request into the internet language. DNS hijacking works by redirecting users to fake or malicious web pages and it is very hard to detect by common users.
There are two main types of DNS hijacking. The first one is known as pharming and it is a cyber attack intended to redirect a website’s traffic to another fake site. This is achieved with the classic ‘man in the middle’ approach that will intercept a user’s DNS request and redirect it to a compromised DNS server. By using a DNS switching Trojan to return incorrect IP addresses to a user’s machine, the request will lead users to a spoof website, similar to the one they were trying to access. This type of attack aims to collect personal data, such as financial information.
The second type of cyber attack is known as malware. It is the most common type of outbreak and happens when an attacker infects a user’s machine or router with a malware agent. In this case, invaders will change the infected user’s computer’s DNS configurations. An example of DNS malware would be DNSChanger, which until 2012 affected over four million people and would replace advertising on websites with ads sold by hackers.
In addition, some ISPs use DNS hijacking for their own purposes, such as displaying advertisements or collecting statistics. Some of those include Plusnet, Verizon, and Virgin Media.
How to Protect Yourself
There are a number of steps that end users can take to protect themselves from DNS hijacking. While some of them can be considered basic measures and that any person accessing the internet should already have them check-markedbe taking, it’s never enough to revise themthey’re still worth going over. Installing an Antivirus is the first of them. As most Antiviruses are now able to analyze the links that users are trying to access, they can detect if they are unsafe. Obviously, users shouldn’t simply rely on their Antivirus software to do that scan for them. It is also their responsibility to avoid following suspicious sketchy links and be aware of familiar websites acting suspiciously. And since nowadays it is quite simple to break into a router, changing its password may also be helpful.
Additional software, such as a VPN program, can be helpful in preventing DNS hijacking, as they encrypt internet traffic and DNS settings. Some VPN programs even have extra security features to prevent DNS leaks. Furthermore, a good way to prevent DNS attacks is to change the default DNS server. Computers and routers usually connect to the global DNS service through the local ISP. There are several alternative DNS services and some of them are free, such as Google Public DNS, Google DNS over HTTPS, or Cisco OpenDNS, is advisable.
For domain owners, more complex measures can be taken in order to avoid DNS hijacking, such as implementing Domain Name System Security Extensions (DNSSEC). TheseIt allows domain owners to track traffic on their domains and consequently check for suspicious activity. It’s also possible to register their domains’ zones and enable DNS resolvers to verify the authenticity of all DNS responses.
Best VPN Services of 2019
|Editor's Choice 2019|