Romanian versions of Google, PayPal, Yahoo and a host of other sites were defaced today thanks to some DNS attacks.
An Algerian hacker took credit for the hits, leaving a portentous message: “To be continued…”. Kaspersky and Microsoft sites were also affected, but it appears the DNS servers have been cleaned of malicious activity.
“All this could have been much worse if the attacker had other goals in his mind than just becoming famous by defacing famous websites. Imagine how many accounts could have been compromised this morning if these websites were redirected to a phishing page, instead of a defacement page,” said Kaspersky Lab expert Stefan Tanase, in a blog post.
These DNS attacks in Romania came in a month where hits at that level have been abnormally prominent. Another spate of defacements took place in Pakistan earlier this week when PKNIC, which manages part of the DNS for a variety of the country’s top level domains, was hit.
Furthermore, a host of Go Daddy customers were compromised earlier this week and had their DNS settings tampered with. This led to visitors to specially-crafted subdomains on Go Daddy-hosted sites being redirected to pages serving up ransomware. The malware locked users out of their machines and demanded payment to unlock their systems.
One major issue is DNS cache poisoning, which had initially been suspected as the cause of the Romanian incident today. DNS cache servers hold domain name resolutions, which are initially delivered from an authoritative DNS server, which translate URLs (e.g. TechWeekEurope.co.uk) into IP addresses (e.g. 1.2.3.4).
In an attack scenario, a hacker determines when a DNS cache server is going to erase memory of a domain name resolution. They then “poison” the cache server by telling it to resolve domain name requests to their own websites. This works if, firstly, they beat the authoritative DNS server to supplying the information to the cache server, and, secondly, they guess the right query parameters for a request.
Such problems could be fixed with implementation of DNSSEC, which comprises of various pieces of code, with the aim being to sign different stages of the DNS lookup process. This would mean that DNS servers would only process requests from trusted sources.
But, to date, DNSSEC has seen minimal uptake across the world.
Think you’re a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…