DNS Spoofing: What It Is & How to Protect Yourself


Cybersecurity crimes have plagued businesses large and small for years, but criminals are increasingly using DNS Spoofing as their tool of choice. To protect yourself and your business from attacks like DNS Spoofing, it is important to understand what DNS Spoofing is and what measures you can take against it.

What is DNS?

DNS (Domain Name System) is a system that acts like a phone book for the internet. Whenever you click on a link or type a website’s URL into your web browser, your computer sends a DNS request to the nameserver. This nameserver then checks its DNS resolver cache so that it can match the name in the URL you typed with the IP address of the website you are looking for. This is similar to using the phone book to look up someone’s phone number. Each website has one or more unique IP addresses that act like phone numbers.

Once your browser knows the IP address of the website you are looking for it downloads the necessary web pages, which then appear on your computer screen.

In most cases this entire process is completed in a few milliseconds, so you may not even notice it as you move from website to website. Most web browsers default to a nameserver that is specified by your ISP (Internet Service Provider), though many electronic devices allow you to specify your preferred nameserver in your internet connection settings. This allows users to choose whether they would prefer to use a public DNS server or a private one. A popular example of a public DNS server is the Google DNS server, which you access any time you use Google to search for something.

What is DNS Spoofing?

DNS Spoofing occurs when a user (typically a cybercriminal) alters the entries in the nameserver’s DNS resolver cache. This is analogous to changing someone’s phone number in the phone book so that you can reroute their calls. When someone alters an entry it reroutes user traffic away from the correct site to a different site the cybercriminal has chosen.

Why Do Cybercriminals Use DNS Spoofing?

There are a number of reasons a cybercriminal would use DNS Spoofing for criminal activities. These could include:

Redirecting Traffic

An altered DNS entry might direct visitors to a website they never intended to visit. For example, a cybercriminal may direct users to a phishing website. Phishing websites typically look almost identical to the real website but are used by cybercriminals to try to trick users into providing sensitive information such as usernames, passwords, credit card information, or even social insurance numbers. However, some Internet Service Providers also use DNS redirection in order to show users advertisements or collect user data before the users continue on to their intended websites.

Launching a Website Attack

Cyber attacks such as DDoS (Distributed Denial of Service) attacks use tools such as DNS Spoofing to achieve their ends. When this happens, a cybercriminal might redirect a large amount of internet traffic to a server that is unable to handle that much traffic. This causes the server to either slow down, stop working, or encounter a wide variety of errors. This, in turn, can shut down a website or a company server.

Censoring Information

Since it is nearly impossible to browse the internet without using a DNS server of some kind, whoever controls the DNS server controls who can see what on the internet. Some governments use DNS rerouting to censor certain content. This is done by rerouting DNS traffic to limit what the country’s citizens are allowed to see on the internet.

How to Protect Your Business From DNS Spoofing

What Can I Do to Protect My Business?

The first step to ensuring your business is protected is to constantly monitor your company’s DNS server so that you can tell right away if it has been tampered with or infected with malware. Most of us are not in the habit of checking our DNS settings, but knowing if and when an attack has occurred is the first step to keeping your business secure.
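
One way to automate the monitoring described above (an added example, not code from the original article): compare the addresses your resolver returns for your own hostnames with the address ranges you expect them to resolve into. The hostnames, ranges and sample answers are constructed placeholders, and `resolve` and `audit` are hypothetical helper names.

```python
import ipaddress
import socket

# Expected networks per hostname. Constructed placeholders (documentation ranges).
BASELINE = {
    "www.example.com": ["192.0.2.0/28", "2001:db8:10::/48"],
    "mail.example.com": ["198.51.100.25/32"],
}

# Constructed sample of resolver answers; the mail record has been altered.
SAMPLE_OBSERVED = {
    "www.example.com": ["192.0.2.10", "2001:db8:10::5"],
    "mail.example.com": ["203.0.113.77"],
}

def resolve(hostname):
    """Ask the system's configured resolver for the addresses of hostname."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def audit(baseline, observed):
    """Return (hostname, address, reason) for every answer that breaks the baseline.

    observed maps hostname -> list of address strings returned by the resolver.
    """
    findings = []
    for host, cidrs in baseline.items():
        allowed = [ipaddress.ip_network(cidr) for cidr in cidrs]
        answers = observed.get(host, [])
        if not answers:
            findings.append((host, None, "no answer"))
            continue
        for text in answers:
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                findings.append((host, text, "unparseable answer"))
                continue
            # Membership is False when IP versions differ, so mixed v4/v6 is safe.
            if not any(addr in net for net in allowed):
                findings.append((host, text, "outside baseline"))
    return findings

if __name__ == "__main__":
    # For live use, build the observed map with {h: resolve(h) for h in BASELINE}.
    for host, addr, reason in audit(BASELINE, SAMPLE_OBSERVED):
        print(f"ALERT {host}: {addr} ({reason})")
```

Run on a schedule against each resolver your business depends on, a check like this turns an altered entry into an alert rather than something a user has to notice.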

You should also always check that the websites you are visiting use HTTPS. HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of HTTP and ensures that all communication between your browser and the website you are looking at is encrypted. You can check this by looking at the section of your web browser where you type in a website’s URL. If the website is secure, then the address will start with “https”, show a small image of a closed padlock, or both.

Imposter sites will not be secured, so you won’t see either the padlock or “https”. HTTPS ensures that the website in question has a valid SSL certificate, and the padlock indicates that your connection with the site is encrypted. Unfortunately, not all websites use HTTPS, so this method is not entirely foolproof. If you come across a website where “https” is written but it shows up in red or is crossed out, that means that the website’s SSL certificate is not valid and you should leave the site immediately.

You should also make sure your anti-virus software is up to date. This will hopefully stop any malware you do encounter from infecting your device or your network.

Where Can I Get Help?

If you are ever unsure of what steps you should take to secure your business against cybercriminals, you should consult with a reputable security expert. They will be able to answer any questions you have, audit your current cybersecurity practices, and recommend steps you can take to better secure your company against cybercriminals.