According to the Cisco 2016 Annual Security Report, 91% of all malware employed the Domain Name System (DNS) channel to carry out malicious attacks. As network environments become increasingly vulnerable to emerging attacks, it is critical for organisations to navigate and adapt to the ever-changing landscape of cyber security.
One of the most common gaps in security defence strategies is overlooking DNS as a critical attack vector. Cyber security experts, Mr Alvin Rodrigues and Mr Max Chua from Infoblox, highlight the importance of securing the DNS channel to protect your company’s network.
DNS is a protocol that translates domain names (the destination typed into a web browser) into numerical IP addresses, which browsers use to bring up web content.
Cyber attackers take advantage of the communication between client and server, leveraging the DNS channel to carry out attacks.
The COVID-19 pandemic has drastically changed how companies maintain their core operations. As existing security controls undergo significant restructuring, strengthening a network’s DNS security is crucial to managing risks and new vulnerabilities.
“Your network is your business,” Mr Rodrigues emphasises, “and the common baseline across all networks is DNS. It is the first point of contact and can serve as the first line of detection and protection.” In other words, if your DNS is down, your business is down.
Cyber-attacks can result in significant damage and cost. Protecting the network that drives business operations is, hence, a critical investment.
There are various DNS attacks, including cache poisoning, network floods and domain hijacking, which target the network’s DNS service. The primary aim of a DNS attack is to infiltrate the network and exfiltrate information to a server outside it, using DNS as an undetected backdoor channel.
To do so, the attacker first sets up an authoritative name server for a particular domain. Next, confidential data, such as credit card details, is extracted from a victim’s private computer. The infected client uses a prepared script to encode the confidential data and split it across separate DNS requests, then sends them through the corporate DNS server, which finally forwards the packets to the authoritative attack server. The attacker who controls the target DNS server is thus able to extract and reconstruct the victim’s data.
In a real-life DNS attack incident, the Alina Trojan, malware used by fraud and cybercrime gangs, utilised DNS channels to steal payment card data from Windows-based point-of-sale (POS) devices. Even though the victims’ PINs were not retrieved, card numbers, expiration dates, and names were widely traded on darknet sites to facilitate fraudulent activities.
The key takeaway is to increase monitoring for DNS security, and to implement a secured solution.
There are many different types of DNS attacks. Companies can protect themselves by inspecting all incoming network queries to identify any potential malicious traffic.
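As an added illustration of query inspection (not Infoblox's method or code from the webinar), the following Python sketch flags the exfiltration pattern described above: one client sending many distinct, long, random-looking subdomains to a single parent domain. The log format, the thresholds, the `exfil-demo.test` domain and all function names are assumptions made for this example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: "<client-ip> <queried-name>" per line (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 nbswy3dpeb3w64tmmqqhk2lomfzgs3th.t.exfil-demo.test
10.0.0.7 mfrggzdfmztwq2lknnwg23tpobyxe43u.t.exfil-demo.test
10.0.0.7 ovzxi2lpnzzxi5dfon2ca5dfon2ca3dj.t.exfil-demo.test
10.0.0.7 orugs4zanfzsaytvoqqhg33nmuqhi2dj.t.exfil-demo.test
10.0.0.7 www.example.com
10.0.0.9 cdn.example.com
"""

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parent_domain(qname):
    # Assumption: the last two labels approximate the registered domain.
    # Production code should use the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_suspects(log, min_unique=3, min_len=24, min_entropy=3.5):
    """Return {(client, parent): stats} for pairs that look like DNS exfiltration."""
    groups = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        parent = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(parent)].rstrip(".")
        if sub:
            groups[(client, parent)].add(sub)
    suspects = {}
    for key, subs in groups.items():
        # Data-carrying subdomains contain a long label and look close to random.
        encoded = [s for s in subs if len(max(s.split("."), key=len)) >= min_len
                   and entropy(s.replace(".", "")) >= min_entropy]
        if len(encoded) >= min_unique:
            suspects[key] = {"unique_encoded": len(encoded),
                             "total_unique": len(subs)}
    return suspects
```

Thresholds like these need tuning against a baseline of normal traffic, since some content-delivery and telemetry services also generate long, high-entropy hostnames.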
As a DNS, DHCP and IP address management (DDI) platform, Infoblox prevents security attacks by deploying an Infoblox DNS server that inspects all queries in a network environment. This is achieved primarily through:
To conclude, it is important to consider the symbiotic relationship between a business, its digital footprint and cyber security to drive and protect a business.
The benefits of implementing a holistic cyber defence strategy include:
Businesses with robust cyber defence can effectively contain threats, tackle and predict new risks, and enable a harmonised security posture that promises to deliver a better ROI from the company’s collective security stack.
To find out more about Infoblox, contact Mr Rodrigues at [email protected].
Interested to watch the full discussion? Head over to the recording to watch the complete webinar session!
The SGTech Cyber Security Chapter aims to promote awareness and adoption of cybersecurity among organisations in Singapore, and boost a pipeline of talent to ensure the continued viability of Singapore’s cybersecurity industry.
Please contact [email protected] if you'd like to find out more about the Chapter.