Domain and DNS Hijacking - Protect Your Company

In early 2019, the U.S. government’s cybersecurity center issued a strong warning to protect your network from a DNS hijacking attack.

In this attack, the IP addresses of your domain’s DNS servers are changed to IP addresses of attacker-controlled servers. By doing so, bad actors can redirect your unsuspecting users to malicious websites.

In 2013 a group of hackers known as the Syrian Electronic Army took over the web domain of The New York Times. Needless to say, it brought down their website. They didn't stop there: they did it a second time as well! In 2016, in a massive case of bank fraud that lasted over six hours, a Brazilian bank’s websites were taken over, and online customers were routed to the attackers’ phishing sites. In all cases, the attackers used DNS hijacking.

Domain Hijacking - Someone gets access to your Domain Registrar Credentials

DNS Hijacking - Someone gains access to your DNS Hosting (or records)

There are some simple things you can do to protect your network against it.

Cybercriminals know that DNS – the Domain Name System – is a more or less trusted protocol, and many organizations don’t monitor their DNS traffic for malicious activity. Because of this, DNS can serve as the medium for a variety of attacks against company networks. In fact, DNS-based attacks have been on the rise in the last decade.

Your domain is essentially your entire company: not just your website, but all of your email, servers and subdomains (intranet, extranet, etc.).

  • Do your customers pay online?
  • Do you have a PayPal account linked to your domain?
  • Do you have bank accounts linked to your domain?
  • Do your customers log into your site with username and password?

10 Steps to Increase Your Domain and DNS Security

  1. Choose a good domain registrar (don’t use the same company for domain registration and web hosting services)
  2. Use a strong password (change it regularly and don't use the password for any other site)
  3. Enable two-factor authentication
  4. Always enable domain locking
  5. Enable DNSSEC between your Domain Registrar and DNS Hosting
  6. Monitor your DNS for changes - you already monitor your website for uptime, so monitor your DNS records for changes too
  7. Enable WHOIS protection
  8. Keep your domain contact details updated
  9. Never share your domain registrar login details with strangers (if you do, change the password after they are done)
  10. Pay attention to incoming emails requesting registrar login details (watch for phishing schemes, and unusual activity).
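Step 6, monitoring your DNS for changes, is easy to automate. The following Python script is an added example, not from the original post: it diffs the current NS/A/MX record sets for a domain against an approved baseline and reports any drift, which is what a registrar or DNS-hosting takeover looks like from the outside. The domain names and IP addresses are constructed placeholders, and the optional live lookup assumes the third-party dnspython library is installed.

```python
"""Baseline-and-diff DNS monitor (added example, not from the original post).
The comparison is pure Python; the live lookup assumes dnspython (pip install dnspython)."""
import json

# A hijack usually shows up as a changed NS delegation (registrar compromise),
# a changed A record for the web host, or a changed MX for mail (DNS-host compromise).
WATCHED_TYPES = ("NS", "A", "MX")


def normalize(records):
    """Lower-case, strip trailing dots and sort, so case/order changes do not alert."""
    return {rtype: sorted(r.lower().rstrip(".") for r in values)
            for rtype, values in records.items()}


def diff_records(baseline, observed):
    """Return {rtype: {"added": [...], "removed": [...]}} for each watched type whose
    record set differs from the approved baseline. An empty dict means no drift."""
    base, obs = normalize(baseline), normalize(observed)
    drift = {}
    for rtype in WATCHED_TYPES:
        added = sorted(set(obs.get(rtype, [])) - set(base.get(rtype, [])))
        removed = sorted(set(base.get(rtype, [])) - set(obs.get(rtype, [])))
        if added or removed:
            drift[rtype] = {"added": added, "removed": removed}
    return drift


def fetch_records(domain, types=WATCHED_TYPES):
    """Live lookup via dnspython (assumed available): rtype -> list of rdata strings."""
    import dns.resolver  # third-party; imported only when a live check is requested
    out = {}
    for rtype in types:
        try:
            out[rtype] = [r.to_text() for r in dns.resolver.resolve(domain, rtype)]
        except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN):
            out[rtype] = []
    return out


# Constructed sample data: the approved baseline, and a later observation in which one
# NS record and the web A record now point somewhere new (placeholder names/addresses).
BASELINE = {"NS": ["ns1.example-dns.net.", "ns2.example-dns.net."],
            "A": ["192.0.2.10"], "MX": ["10 mail.example.com."]}
OBSERVED = {"NS": ["ns1.rogue-dns.invalid.", "ns2.example-dns.net."],
            "A": ["198.51.100.77"], "MX": ["10 mail.example.com."]}

if __name__ == "__main__":
    drift = diff_records(BASELINE, OBSERVED)  # swap OBSERVED for fetch_records("example.com") to go live
    print(json.dumps(drift, indent=2) if drift else "no drift from baseline")
```

Run it on a schedule (cron or a CI job) and alert on any non-empty result; in practice the baseline should be refreshed only after a change you made yourself.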

Posted in Linux Network Admin Tips, Network Security Tips on Nov 05, 2020