Why nearly all businesses are at risk from SAD DNS

Owning a website comes with many challenges, one of which is the fact that you are making yourself a target for cybercriminals.


One of the newest threats to emerge is Side-channel AttackeD DNS, known as SAD DNS.

What is SAD DNS?

SAD DNS is a newly-discovered threat that could potentially generate a significant increase in DNS cache poisoning attacks.

What is DNS cache poisoning?

DNS cache poisoning is a vulnerability that was first discovered in 2008. SAD DNS is a side-channel attack that can exploit this.

On average, 30,000 new websites are hacked every day.

There are hundreds of providers to choose from if you are looking to buy domain name services – web hosting, domain names, email etc – such as https://www.names.co.uk/domain-names.


How does DNS work?

1. When a user types a web address/domain name into their browser, it sends a query to what is known as a recursive name server or a public DNS.

2. This name server then issues a series of queries to other name servers – the root DNS, the registry, and lastly the authoritative DNS.

3. The name server collects the response and returns it to the browser, which then loads the website.

For the sake of efficiency, the IP address is stored at the resolver end so that it can return the same destination the next time an identical query is received. This is known as caching and speeds up website access, especially for sites that are regularly visited.

It is this cache that can be compromised. DNS cache poisoning occurs when the resolver – usually the ISP's – is manipulated by an attacker into returning a spoofed IP address, which in turn sends users to the wrong place. This means that an individual typing in a legitimate domain name can be diverted to a phishing website or one loaded with malware, which can then be a conduit for obtaining sensitive or confidential information.

How to mitigate DNS cache poisoning

This type of attack can be prevented in two ways:

1. Domain Name System Security Extensions (DNSSEC) use digital signatures to validate the legitimacy of DNS data.

2. Source port randomisation makes it almost impossible for attackers to guess, by brute force, the values a reply must match before the resolver will accept it.
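As an added illustration (not code from the article), the following Python model shows the checks a resolver applies to a reply from the authoritative server in steps 1–3 above before it caches the answer, and quantifies the second mitigation: with a fixed source port only the 16-bit transaction ID is unpredictable, whereas randomising the port multiplies the combinations an unsolicited reply would have to match. The ephemeral port range, the domain names and the reply bytes are assumptions constructed for the model.

```python
# Added model (not the article's code) of a resolver's reply checks; wire format per RFC 1035.
import secrets
import struct

EPHEMERAL_PORTS = range(1024, 65536)  # assumed ephemeral port range for this model

def question(qname):
    """Question section for an A/IN query: labels, zero byte, QTYPE=1, QCLASS=1."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.strip(".").split("."))
    return labels + b"\x00" + struct.pack("!HH", 1, 1)

class Resolver:
    """Tracks outstanding queries by (source port, transaction ID)."""
    def __init__(self, randomise_port=True):
        self.randomise_port = randomise_port
        self.pending = {}  # (sport, txid) -> (qname, question bytes)
        self.cache = {}    # qname -> IPv4 string

    def send_query(self, qname):
        """Return (source port, query bytes); a fixed port leaves only the 16-bit TXID random."""
        txid = secrets.randbelow(1 << 16)
        sport = secrets.choice(EPHEMERAL_PORTS) if self.randomise_port else 53
        q = question(qname)
        self.pending[(sport, txid)] = (qname, q)
        return sport, struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + q

    def accept_response(self, dport, pkt):
        """Cache the A record only if port, TXID and question all match a pending query."""
        if len(pkt) < 12:
            return False
        txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
        qname, q = self.pending.get((dport, txid), (None, b""))
        pos = 12 + len(q)  # answer RR follows the question: name pointer, TYPE, CLASS, TTL, RDLENGTH, RDATA
        ok = qname is not None and flags & 0x8000 and qd == 1 and an >= 1
        if not ok or pkt[12:pos] != q or len(pkt) < pos + 16:
            return False  # stray, mismatched or truncated reply: dropped, nothing cached
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[pos + 2:pos + 12])
        if (rtype, rclass, rdlen) != (1, 1, 4):
            return False
        self.cache[qname] = ".".join(str(b) for b in pkt[pos + 12:pos + 16])
        del self.pending[(dport, txid)]
        return True

def guess_space(randomise_port):
    """Number of (port, TXID) combinations an unsolicited reply would have to hit by chance."""
    return (1 << 16) * (len(EPHEMERAL_PORTS) if randomise_port else 1)

def make_reply(query, ip):
    """Constructed authoritative reply: same TXID and question, plus one A record."""
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + rr
```

Running `Resolver(randomise_port=False).send_query(...)` against `guess_space(False)` shows the position the page describes: with the port fixed, a reply only has to match the transaction ID.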

SAD DNS is a live and serious threat to all companies around the globe and needs to be taken seriously.