ThreatSTOP Blog

Multiple Government Entities Targeted with Massive DNS Attacks

Written by John Bambenek | February 5, 2019

In recent weeks, reports have emerged that various government entities have been the target of DNS hijacking attacks. These attacks would redirect those attempting to interact with legitimate government sites and instead send them to malicious infrastructure who could engage in phishing attacks, email theft, or a wide variety of misconduct.

Third-party risk has always been an area of concern, and this is a new twist on an old problem: How do you protect yourself when a trusted partner is compromised?

  • Everything on the internet begins with a DNS query and if you control DNS, you control the machine. By hijacking authoritative DNS records, attackers could redirect victims anywhere they wanted.
  • Even though these attacks can be transparent to the end-user, the traffic still needs to go “somewhere”. By identifying suspect IP addresses, malicious name servers, or phishing IP addresses, it becomes possible with a DNS firewall to block these queries from redirected your users to the bad guys. It converts a silent error and successful attack, to a loud and obvious break in communication that can then be diagnosed and reported.

Want to learn more about how (and why) controlling DNS stops the threat factory and the attacks? Check it out below. 

 

Photo credit: Technology Times