DNS spoofing: definition and protective measures
In IT security, DNS spoofing is a collective term for different variants of DNS manipulation. DNS spoofing is one of the man-in-the-middle attacks and aims to redirect Internet users to other websites in order to obtain data, such as passwords or bank details, through phishing.
DNS spoofing definition
DNS spoofing is a specific form of man-in-the-middle attack. DNS stands for Domain Name System. This is the telephone directory of the Internet, so to speak: DNS assigns domain names to the IP addresses of web servers. Hackers manipulate this DNS in a certain way and redirect users to another site without being noticed. There, the unknowing users enter their data and the cybercriminals simply harvest it from the page. “Spoofing” means “pretending”, which describes very well what DNS spoofing is. The page to which hackers redirect unsuspecting users is a copy of the website they actually intended to access. As a result, it is not even noticeable that it is a fake page.
DNS spoofing is used particularly often against bank websites or payment services, for example. It is therefore time to point out once again that you should not click on links in emails unless you are absolutely sure that the source is reputable. If you go to your bank’s website via a link in an e-mail, you may end up on a fake website and become the victim of phishing. Therefore, always access sites such as those of your bank or online stores directly via the browser input field.
As DNS requests are usually unencrypted, they are a popular target for cyber criminals. This “openness” gives hackers several ways to place malware such as ransomware and direct users to it, or to cause damage in other ways.
Forms of DNS spoofing
The collective term DNS spoofing covers numerous types of cyberattacks. The two most important and most frequently used variants are DNS cache poisoning and DNS hijacking:
- DNS cache poisoning: Hackers manipulate the DNS entries in end devices, routers or servers by changing the DNS entries of name servers. These then end up in the cache of all requesting servers and end devices, thus redirecting traffic.
- DNS hijacking: DNS hijacking works via malware that is installed on routers or end devices. The malware in question redirects users to malicious sites by manipulating the settings directly on the devices. One of the best-known examples of DNS hijacking is the Win32/DNSChanger Trojan, which has been around since 2006.
- DNS tunneling: Attackers circumvent network security by using the DNS protocol to covertly transfer data through the Domain Name System. They can then use the DNS infrastructure directly to intercept and transmit confidential information via hidden communication channels.
In addition to phishing, DNS spoofing is also used to lead users to websites with advertising banners placed on them. These banners are paid for on a pay-per-click basis, so every click generates money for the hackers.
Protection against DNS spoofing
Protection against DNS spoofing is primarily provided by the Domain Name System and browsers. The name servers now send a large amount of random data and information. This makes the important data far less transparent, and attackers do not know what they need to intercept.
Encrypting data is an important part of protecting against DNS spoofing. This includes switching websites from http to https. If you have not yet done this for your own website, you should do so to make it secure.
It is also important that you keep your own eyes open and stay vigilant on the Internet. Only enter data on websites that you trust and that you are sure are the original. As already mentioned, redirection often takes place via links in e-mails. Avoid this route and go directly to the relevant domains via the browser.
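The check below is an added example, not code from the original page. It assumes the random data mentioned above refers to the random query ID and random source port that resolvers attach to each request, and shows how a resolver rejects forged replies that do not match them. All names, addresses and packets are constructed for illustration.

```python
import secrets
import struct

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=1):
    """Return (txid, packet) for a query carrying a random 16-bit ID."""
    txid = secrets.randbelow(1 << 16)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return txid, header + encode_name(name) + struct.pack("!HH", qtype, 1)

def make_reply(query, txid):
    """Constructed sample reply: echoes the question, sets the response bit."""
    return struct.pack("!HH", txid, 0x8180) + query[4:]

def parse_question(packet):
    """Return (txid, is_response, qname, qtype, qclass) from a DNS packet."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        if length > 63:
            raise ValueError("compressed or invalid label in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

def accept_response(query, response, sent_to, came_from, sent_port, dst_port):
    """Accept a reply only if it matches the outstanding query in every field."""
    try:
        q, r = parse_question(query), parse_question(response)
    except (ValueError, IndexError, struct.error):
        return False                    # truncated or malformed packet
    return (r[1] and not q[1]           # it is a response to a query
            and r[0] == q[0]            # same random transaction ID
            and r[2:] == q[2:]          # same name, type and class
            and came_from == sent_to    # from the server that was asked
            and dst_port == sent_port)  # to the random source port used

if __name__ == "__main__":
    server = ("192.0.2.53", 53)         # constructed documentation address
    txid, query = build_query("bank.example")
    forged = make_reply(query, (txid + 1) % 65536)
    print(accept_response(query, make_reply(query, txid), server, server, 40000, 40000))
    print(accept_response(query, forged, server, server, 40000, 40000))
```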