DNS spoofing: definition and protective measures
In IT security, DNS spoofing is a collective term for different variants of DNS manipulation. DNS spoofing is one of the man-in-the-middle attacks and aims to redirect Internet users to other websites in order to obtain data, for example passwords or bank details, through phishing.
DNS spoofing definition
DNS spoofing is a specific form of man-in-the-middle attack. DNS stands for Domain Name System. This is the telephone book of the Internet, so to speak. DNS maps domain names to the IP addresses of the web servers. Hackers manipulate DNS so that users are redirected to another site without noticing. The unsuspecting users enter their data there, and the cybercriminals simply collect it from the page.
“Spoofing” means “pretending”, which describes DNS spoofing very well. The page to which hackers redirect inexperienced users is a copy of the website they actually intended to visit. As a result, users do not even notice that they are on the wrong page. DNS spoofing is particularly often aimed at bank websites or payment services, for example.
This is a good point to repeat that you should not click on any links in e-mails unless you are absolutely sure that the source is reputable. If you go to your bank’s website via a link in an e-mail, you may end up on a fake website and become the victim of phishing. Therefore, always navigate to pages such as those of your bank or online stores directly via the browser's address bar.
As DNS queries are usually unencrypted, they are a popular target for cybercriminals. This “openness” gives hackers several ways to place malware such as ransomware, direct users to it, or otherwise cause damage.
Forms of DNS spoofing
The collective term DNS spoofing covers numerous types of cyberattacks. The two most important and most frequently used variants are DNS cache poisoning and DNS hijacking:
- DNS cache poisoning: Hackers manipulate the DNS entries in end devices, routers or servers by changing the DNS entries of name servers. These then end up in the cache of all requesting servers and end devices, thus redirecting traffic.
- DNS hijacking: DNS hijacking works via malware that is installed on routers or end devices. The malware in question redirects users to malicious sites by manipulating the settings directly on the devices.
  One of the best-known examples of DNS hijacking is the Win32/DNSChanger Trojan, which has been around since 2006.
- DNS tunneling: Attackers use DNS protocols to circumvent network security and covertly transfer data over the Domain Name System. They can then use the DNS infrastructure directly to intercept and transmit confidential information via hidden communication channels.
Besides phishing, DNS spoofing is also used to send users to websites that carry advertising banners. These banners are paid per click, so every click generates money for the hackers.
Protection against DNS spoofing
Protection against DNS spoofing is primarily provided by the Domain Name System itself and by browsers. Name servers now send a large amount of random data and information along with their messages. This makes the important data much harder to pick out, so attackers do not know what they need to intercept. Data encryption is another important component of protection against DNS spoofing. This includes the switch from HTTP to HTTPS for websites.
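The following Python sketch is an added example, not code from the original article. It assumes the "random data" above refers to a random transaction ID, a random source port and random letter case in the query name, and shows the resolver-side check that rejects any response not matching all of them. The function names and the sample addresses (documentation ranges) are hypothetical and constructed for illustration.

```python
import secrets
import struct

def build_query(name, qtype=1):
    """DNS query with a random 16-bit ID and random letter case in the name."""
    txid = secrets.randbits(16)
    mixed = "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in mixed.strip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return header + qname + struct.pack("!HH", qtype, 1)       # class IN

def accept_response(query, server, local_port, response, src, dst_port):
    """True only if the response matches every unpredictable part of the query."""
    if src != server or dst_port != local_port:
        return False  # not from the server asked, or not to our random source port
    if len(response) < len(query):
        return False  # too short to echo the question
    r_id, r_flags, r_qdcount = struct.unpack("!HHH", response[:6])
    if r_id != struct.unpack("!H", query[:2])[0]:
        return False  # transaction ID does not match
    if not r_flags & 0x8000 or r_qdcount != 1:
        return False  # not a response, or not exactly one question
    return response[12:len(query)] == query[12:]  # question echoed, case included

def make_response(query, ip, txid=None, question=None):
    """Constructed sample data: a one-record A response to `query`."""
    txid = struct.unpack("!H", query[:2])[0] if txid is None else txid
    question = query[12:] if question is None else question
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    record = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return header + question + record

def demo():
    """Check one genuine and four mismatched responses (all constructed samples)."""
    server, port = ("192.0.2.53", 53), 49152 + secrets.randbelow(16384)
    query = build_query("www.example.com")
    txid = struct.unpack("!H", query[:2])[0]
    good = make_response(query, "192.0.2.10")
    bad_id = make_response(query, "203.0.113.66", txid=txid ^ 1)
    bad_case = make_response(query, "203.0.113.66", question=query[12:].swapcase())
    def ok(resp, src=server, dport=port):
        return accept_response(query, server, port, resp, src, dport)
    return {"genuine": ok(good), "wrong_id": ok(bad_id), "wrong_case": ok(bad_case),
            "wrong_port": ok(good, dport=port ^ 1),
            "wrong_server": ok(good, src=("203.0.113.66", 53))}

if __name__ == "__main__":
    print(demo())
```

Only the response that echoes the ID, port, server and exact question is accepted; each mismatched variant is dropped, which is why an off-path attacker has to guess all of these values at once.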
If you have not already done so, you should make your website secure. It’s also important that you keep your eyes open and stay alert on the Internet. Only enter data on websites that you trust and that you are sure are the original. As already mentioned, redirection often takes place via links in emails. Avoid this route and go directly to the relevant domains via the browser.




