Understanding DNS Spoofing: A Guide for Non-Techies

DNS spoofing is a malicious cyber attack that can redirect users from a legitimate website to a malicious one. It is becoming increasingly common and can be used to steal sensitive information, launch denial of service attacks, or intercept and modify data. As a result, organizations must implement a multi-faceted approach that includes technical and administrative security measures to protect their networks. In this article, we will explain what DNS spoofing is, how it is performed, and how to prevent it.

DNS Spoofing briefly explained

DNS Spoofing, also known as DNS Cache Poisoning, is a type of cyber attack where an attacker exploits a vulnerability in the Domain Name System (DNS) to redirect internet users from legitimate websites to malicious ones. By manipulating the DNS records, an attacker can redirect users to a malicious website that looks legitimate and can dupe unsuspecting victims into providing sensitive information, such as bank details, or downloading malicious software. The attacker can also use DNS spoofing to launch a Denial of Service (DoS) attack, where the attacker floods the target website with fake requests to overload the server and make it unavailable to legitimate users. DNS Cache Poisoning attacks are becoming increasingly common, making it vital for organizations to take steps to protect their networks from this type of attack.

(more…)

List of common DNS attacks

Hacking DNS servers has become a popular and profitable business for hackers. Through time, they have developed different techniques to reach their criminal objectives. Here you have a list of common DNS attacks you should be aware of.

DNS spoofing

The objective of DNS spoofing is to infect a DNS server and change its address records with those of a bad actor’s site. That site looks and feels like the real one, but it is a fake copy. 

The users are deceived that the traffic is oriented to the right site. When users reach this malicious destination, they are pushed to share sensitive personal or banking information.

(more…)