Proudly serving Virginia, Maryland and DC // Call us today! 703.396.6120
V2 SystemsV2 Systems

by Erik Briceno

Cyber criminals are increasingly relying on legitimate and well-established domains to carry out their maliciousness on the internet. Because of a recent sharp increase in business email compromises (BEC), there has been a major uptick in domain hijacking as well.

What is domain hijacking and how does it affect your business? How does it occur? In our multi-part series on DNS hijacking, we answer these questions, as well as provide you with mitigations for various attack vectors.

What is Domain Hijacking?

Domain hijacking, otherwise known as Domain Name System (DNS) Infrastructure Hijacking, occurs when an attacker uses compromised credentials to modify the location where an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.

Essentially, the result is a transfer of ownership or control of a domain from its rightful owner by way of a fraudulent registrar transfer request or otherwise false change in the registration of the domain. Obviously, this sort of activity often harms the legitimate domain owner. Cybercriminals understand that your website’s domain name system is a unique, trusted protocol and that many companies don’t care to monitor their domains for malevolent activities. For this reason, they may initiate a range of attacks on the organization’s DNS — and they often get away with it.

DNS Attack Vectors

There are a number of ways a DNS hijacking attack can be executed. The four most common types of DNS hijacking attacks are as follows:

Router DNS Hijack

The DNS router is a hardware device that domain service providers use to match domain names to their corresponding IP addresses. Most routers come with preset passwords and a host of firmware vulnerabilities. Cybercriminals can take advantage of weak default passwords and the vulnerabilities to take over the router and reconfigure the DNS settings to their benefit. If they successfully overwrite the DNS router, they can easily divert the traffic to another website and jam your company’s website to make it inaccessible.

Man-In-The-Middle DNS Hijacking

This is also called DNS spoofing. In this case, the attacker targets and intercepts the communication between the website’s traffic and the site’s DNS alters the DNS settings hence directing the traffic to a malicious IP address.

Local DNS Hijack

A local DNS attack installs malware on the website user’s computer. The malware, usually a trojan malware disguised as legitimate software, gives the cyber thieves access to users’ network systems, enabling them to steal data and change DNS settings to direct the users to malicious websites.

Rogue DNS Server

In this type of DNS hijacking, the cybercriminal intercepts the DNS server and alters the DNS settings to divert traffic to fake websites.

In our next article on domain hijacking, we’ll discuss protections and mitigations for each of the above attack vectors, as well as general cybersecurity solutions proven to prevent DNS compromise.

V2Systems Domain Hijacking pt 1 March2022 Blog1 Pic2 1024x683 - Domain Hijacking: Redirecting Your Visitors into the Hands of CriminalsIt’s imperative that you don’t allow criminals to take control of your website. Would you want to visit the V2 Systems website, only to be redirected to a malicious one? Of course not. And we as a company definitely wouldn’t want you to, either. It’s bad for business, bad for your visitors, and – depending on what nefarious activities your domain ends up being used for — is even bad for your country.

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!

ebriceno
About ebriceno
Erik Briceño is the owner of V2 Systems, Inc., one of Northern Virginia’s leading Information Technology Managed Service Providers. He is an inspiring leader for its employees and instrumental business partner for its customers. He is passionate about V2’s purpose, dedicated to exceeding expectations and a consummate professional not afraid of jumping in and getting his hands dirty. Prior to joining V2 Systems in 2002, Erik was a co-founder and COO of Ampcast.com, a leading provider of online resources servicing over 5,000 independent musical artists. At Ampcast.com, Erik spearheaded all aspects of corporate development, funding, strategic vision, and business development for the firm. From 1997 to 1999 Erik held the position of Acoustic Systems Engineer for Electric Boat Corporation, a leading defense contractor. In this role, Erik was responsible for the acoustic fidelity of two noise critical systems and components in the US Navy’s nuclear submarine systems. Erik holds a B.S. in Mechanical Engineering from Vanderbilt University and a Masters of Business Administration from George Mason University. When not working, you will find Erik a dedicated family man, raising two young children with his lovely wife Karen. Together, they enjoy building legos, playing baseball, skiing, riding horses, swimming, traveling, and fixing up old Mopars.
Domain Hijacking: Redirecting Your Visitors into the Hands of Criminals