DNS Hijacking

DNS hijacking, also often referred to as DNS poisoning or DNS redirection, is the practice by some cybercriminals of diverting the resolution of Domain Name System (DNS) queries. This can be achieved in several ways.

For one, a computer’s TCP/IP configuration can be overridden by malware to point to a DNS server under the control of a cybercriminal. It can also be done by modifying the behavior of a legitimate DNS server so that it does not comply with Internet standards.

This means that a user could access a fraudulent website without knowing it and, in the process, expose their personal information to several risks.

How Does DNS Hijacking Work?
Under normal circumstances, a user who wants to go to a business’s website will type the URL in the address bar of their browser. The DNS system acts as the telephone book of the Internet and translates the human-readable domain names in URLs into machine-readable IP addresses. In this way, Internet users don’t have to remember the IP addresses of the websites they visit.

DNS hijacking works when cybercriminals cause the DNS resolver to resolve a domain name incorrectly, so that users are sent to malicious websites. So, while users may think that they’re visiting www.business.com, they’re in fact visiting a website operated by cybercriminals or hackers. They do this by taking over routers, hacking domain name server communication, or installing malware on users’ devices.

Because the user is then interacting with a fraudulent website, their personal information and data are put at risk.
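
One way to spot the first route described above, where malware overrides a computer's DNS settings, is to audit the configured resolvers against the ones the organisation approves. The following is an added example, not part of the original page; the sample configuration and the approved address ranges are constructed placeholders.

```python
import ipaddress

# Constructed sample of a resolver configuration (resolv.conf syntax).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 10.0.0.53
nameserver 203.0.113.66   # not one of ours
nameserver fe80::1%eth0
nameserver not-an-ip
options edns0
"""

# Assumption: resolvers the organisation approves (placeholder ranges).
APPROVED = ["10.0.0.53/32", "10.0.1.0/24"]


def parse_nameservers(conf_text):
    """Return the raw nameserver values, ignoring comments and other keywords."""
    servers = []
    for line in conf_text.splitlines():
        # Comments start with '#' or ';'; drop them before splitting fields.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(conf_text, approved=APPROVED):
    """Return (value, reason) for every configured resolver that is not approved."""
    networks = [ipaddress.ip_network(n) for n in approved]
    findings = []
    for raw in parse_nameservers(conf_text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((raw, "unparseable"))
            continue
        if not any(addr.version == n.version and addr in n for n in networks):
            findings.append((raw, "not approved"))
    return findings


if __name__ == "__main__":
    for value, reason in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{value}: {reason}")
```

Run on a schedule against the live resolver configuration, an unexpected entry is a signal to investigate how the setting was changed.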

How Do I Prevent DNS Hijacking?
To prevent DNS hijacking, there are several measures both users and website owners can take. To prevent name server hijacking, a business can consider installing firewalls around their DNS resolver, increasing restrictions on access to name servers, and preventing cache poisoning. It’s also helpful to fix any known vulnerabilities immediately, before cybercriminals can initiate attacks on DNS.

Users can prevent DNS hijacking by frequently changing their passwords, installing and updating antivirus software on their computers, and using reliable virtual private networks.

Website owners, on the other hand, can ensure that only a few members of their IT team have secure access to their DNS. They can also implement a client lock, which locks DNS records unless a request is made from a particular IP address. It’s also helpful to use a domain name service with DNSSEC to add an extra layer of protection against DNS hijacking.