The UK’s National Cyber Security Centre (NCSC) has raised concerns about the increasing threat of DNS hijacking attacks, following reports of a large-scale attack in Brazil affecting over 180,000 users. DNS hijacking involves attackers taking control of authoritative DNS servers to manipulate DNS entries and redirect users to malicious servers, enabling them to carry out man-in-the-middle attacks.
Recent incidents such as the DNSpionage campaign and ongoing Sea Turtle attacks highlighted the severity of these threats. However, attackers are now targeting consumers through a different approach, as discovered by cybersecurity firm Avast. These attacks involve modifying home router settings, potentially through CSRF attacks, to force the use of rogue DNS servers. This tactic aims to redirect users to phishing pages or malware-infected sites without their knowledge.
Avast reported blocking over 4.6 million CSRF attacks in Brazil between February and March, with 180,000 users falling victim to DNS hijacking in the first half of 2019. The initial attack often occurs through malvertising on compromised websites, redirecting users to a router exploit kit landing page. Once the attacker gains access to the router, they change its DNS settings using CSRF requests.
The exploit kits GhostDNS, Navidade, and SonarDNS are commonly used in these attacks, allowing attackers to steal sensitive information like Netflix and banking credentials, replace legitimate ads with malicious ones for profit, and even install crypto-jacking scripts on browsers. To protect against these threats, Avast advised users to keep their router firmware updated, use strong and unique passwords for online banking and router logins, and ensure that banking websites have valid security certificates.
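A client-side check for the rogue-resolver condition described above, as an added example that is not from Avast or the NCSC: it parses resolv.conf-style text and flags any nameserver that is neither on the local network nor in a list of resolvers you chose. The allowlist, function names and sample input are assumptions; 203.0.113.53 is a documentation address standing in for a rogue server.

```python
import ipaddress

# Assumption: resolvers this household chose on purpose; edit to match yours.
EXPECTED_RESOLVERS = {"1.1.1.1", "9.9.9.9", "2606:4700:4700::1111"}

# A nameserver in these ranges is the router or a local stub that forwards upstream.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample input (not from the article).
SAMPLE_RESOLV_CONF = """\
# written by the DHCP client
nameserver 192.168.1.1
nameserver 203.0.113.53   # TEST-NET-3 address standing in for a rogue resolver
nameserver 1.1.1.1
nameserver fe80::1%eth0
"""

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf-style text, in order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def classify(address, expected=EXPECTED_RESOLVERS):
    """Label one resolver: expected, local-forwarder, unexpected or invalid."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip in {ipaddress.ip_address(e) for e in expected}:
        return "expected"
    if any(ip in net for net in LOCAL_NETS):
        return "local-forwarder"
    return "unexpected"

def audit(text, expected=EXPECTED_RESOLVERS):
    """Return (address, verdict) pairs for every configured nameserver."""
    return [(s, classify(s, expected)) for s in parse_nameservers(text)]

if __name__ == "__main__":
    for address, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"{address:<16} {verdict}")
```

A `local-forwarder` verdict means the device is asking the router, so the upstream DNS servers still have to be checked in the router's own admin page.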
In light of these escalating DNS hijacking attacks, it is crucial for users to remain vigilant and take proactive measures to safeguard their online security. Stay informed about the latest cybersecurity threats and best practices to mitigate the risks of falling victim to malicious attacks.