What is DNS Poisoning and How to Protect Your Enterprise Against it
Quote:

How does a DNS Poisoning Attack Work? Prevent and Mitigate DNS-delivered Cyberattacks

Modern enterprise cybersecurity has evolved – that’s a true statement. If we were to travel back in time – say, 10 or 20 years ago – we would have discovered, much to our stupefaction, that cybersecurity was nothing more than an auxiliary attribution, bestowed upon the (un)fortunate soul who had the (dubious) privilege of fulfilling the IT admin role. If memory serves me right, in the early 2000s, there were only a handful of companies that invested in cyber-protection.

As for the rest, my best (educated) guess would be that they were either complacent or willing to go along with any generic cybersecurity countermeasure (e.g., Windows’ antiviral suite, freeware, etc.). There’s also the pecuniary aspect of this predicament – elaborate online (and offline) security countermeasures would have entailed ‘unjustifiable’ costs. Hence, decision-makers either nixed the entire initiative, embracing a que sera, sera attitude, or used whatever solution they had at hand.

Times have changed, but not for the better. As a company owner or at least someone who has, on occasions, rubbed shoulders with IT/cybersecurity, you must have heard rumors of second-generation malware, malicious campaigns aimed at big corps, public institutions, and government-owned companies. Those ‘rumors’ are, unfortunately, part of the status quo. Dismissing them is equal to signing the death sentence for your company.

At Heimdal™ Security, we have done extensive research on the emergent malicious strains, to devise actionable prevention and mitigation strategies for SMBs, corp C-level execs, and IT managers looking to up their threat-hunting game. Since we’re on the topic of second-gen malware, today’s article will be dedicated to DNS poisoning, a misconfiguration cyber-attack that seems to have resurfaced and wreaked havoc wherever it goes.

In fact, according to IDC’s annual Global DNS Threat Report, in 2020, circa 80% of (interviewed) SMBs and corporations have experienced DNS-delivered attacks. To make matters worse, the companies in question have lost close to $1 million trying to undo the damage.

The same report also mentions that the average attack frequency was 9.5 per company, Northern America being the number one target on the (hackers’) hitlist.

Hoping that the reader has forgiven the author for the long and tedious introduction, here’s everything he or she will need to know about DNS poisoning.

What is DNS poisoning?

As I’ve mentioned in the intro, DNS poisoning is a misconfiguration attack whose purpose is to divert traffic away from a legitimate website and/or server. In doing so, a malicious actor can redirect the user to a cloned website.

It may sound rather simplistic, but nothing could be further from the truth – DNS-delivered attacks, such as poisoning and spoofing (I’ll get to that in a moment), are the result of a masterfully-crafted plan. Before launching the attacks, the hacker needs to gather as much info as possible on the potential target to maximize the chances of success (no-brainer!).

Now, before I go into more detail, I believe it’s essential to have a quick (and painless) recap on how things work. In other words: “Marty, we need to go back to…” the basics.
...