
Regional Cyber Briefing


Current Threats


DNS Hijacking
An attack where criminals redirect users to undesired/malicious websites, usually by compromising devices or servers and changing settings.

The Domain Name System (DNS) is essentially an internet phonebook, which allows domains (groups of devices) to locate and talk to each other so they can access resources such as web pages. Locating domains correctly is quite a convoluted process involving a lot of entities.

In a stripped-down scenario, when you type in a domain name/URL (e.g. 'www.google.com' for the website hosted by Google), your browser will ask your internet service provider where that domain is located. Your service provider doesn't have this information, so it asks other organisations that are responsible for domain records, such as registrars/registries. These organisations will eventually locate the desired domain, and that domain will verify that it is in fact the correct one (i.e. "Yes that website is hosted here and belongs to us, here it is!").

[Note: In this process, domain names are translated to numeric labels called 'IP addresses' - because computers prefer working with numbers!]

If there's a compromise anywhere in this chain then that can be a real problem. Modified DNS settings can redirect a visitor to a malicious website belonging to an attacker. The visitor likely won't be aware that this has happened: they type in the same URL as usual, and the redirect happens in the background. The fake website could be designed to steal sensitive information or get someone to download malware.

Advice

There are a few different DNS hijacking methods to be aware of. These are discussed below, along with advice on how to protect yourself against these methods.

Method #1

Criminals will seek to install malware on your device which modifies the DNS settings on your computer/router. This will silently point you to rogue websites. To counter this, make sure that you:

> Install security patches and updates as they're released.

> Install and frequently update antivirus and anti-malware software.

> Avoid clicking on suspicious links in unsolicited emails/texts/social media messages.

> Don't download dodgy/untrusted applications.  

Method #2

Criminals will hack into your router and change the DNS settings:

> One way you can protect your router from being compromised is to make sure you change the default admin username and password for the device. Default factory logins are readily available online, so this is an easy way in for hackers if login info is left unchanged.
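
Methods #1 and #2 both end with the DNS settings on a device being changed, so a quick check is to compare the resolvers a machine is actually configured to use against the ones you expect. The following is an added example, not part of the original briefing; the expected resolver list and the sample configuration are constructed values, and the function names are illustrative.

```python
"""Added example: audit configured DNS resolvers against an expected list."""
import ipaddress

# Assumption: the resolvers this machine is meant to use (router + ISP).
# Constructed values from private and documentation address ranges.
EXPECTED_RESOLVERS = {"192.168.1.1", "192.0.2.53"}

# Constructed sample in resolv.conf format; on a real Linux host read
# /etc/resolv.conf instead.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.lan
nameserver 192.168.1.1
nameserver 203.0.113.66   # not one we configured
nameserver fe80::1%eth0
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return (valid_ips, malformed_entries) from resolv.conf-style text."""
    valid, malformed = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        candidate = fields[1].split("%", 1)[0]  # drop IPv6 zone id
        try:
            valid.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            malformed.append(fields[1])
    return valid, malformed


def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Flag resolvers that are not on the expected list."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    valid, malformed = parse_nameservers(text)
    unexpected = [ip for ip in valid if ip not in allowed]
    return {"configured": valid, "unexpected": unexpected,
            "malformed": malformed, "ok": not unexpected and not malformed}


if __name__ == "__main__":
    report = audit_resolvers(SAMPLE_RESOLV_CONF)
    for key, value in report.items():
        print(f"{key}: {value}")
```

An unexpected entry is not proof of compromise (a VPN or a new router will also change it), but it is the setting to investigate first.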


Method #3

As discussed in the Threat section, your internet service provider or an external agency may have become compromised. If this has happened, unfortunately there isn't a whole lot you can do. However, bear in mind the following points:

> Be very cautious and suspicious when a site that you visit regularly is behaving strangely (e.g. new pop-ups and unusual calls to action).

> Review your Business Continuity and Incident Response plans, and think about how incidents such as these are factored into your plans.

Method #4

It's also possible that a criminal will connect to public Wi-Fi networks and masquerade as a legitimate hotspot so that they can eavesdrop on your web traffic. To defend against this, avoid using public Wi-Fi to conduct any sensitive business which requires login information. As a rule, if the Wi-Fi doesn't have a landing page discussing terms of service or similar, be suspicious.

Every Report Matters – if you have been a victim of fraud or cyber crime, report it to Action Fraud (either online at https://www.actionfraud.police.uk/ or call 0300 123 2040).

Events

The Source Trade Show - Westpoint, Exeter, 6th-7th February

We'll be serving up fresh cyber security advice to catering and hospitality professionals at this premier South West event. Visit the event page at https://thesourcetradeshow.co.uk/ to find out more.

News

International hacker-for-hire jailed for cyber attacks on Liberian telecommunications provider.
A British cyber criminal has been sentenced to two years and eight months for conducting attacks that disrupted a Liberian telecommunications provider, resulting in losses estimated at tens of millions of US dollars. (Read more at NCA).

El Chapo Trial: Why his I.T. guy had a nervous breakdown.
The FBI admitted that agents had cracked the communications between the notorious drug lord and his associates by enlisting the help of his IT consultant. (Read more at NYTimes).

Useful Links

Regional Cyber Crime Unit Contacts
If you know of other organisations outside of the South West who would be interested in cyber security presentations/workshops/advice, then you can direct them to the NCSC page at https://www.ncsc.gov.uk/information/regional-organised-crime-units-rocus to find the contact details for their RCCU.
Subscribe to this mailing list
Copyright © 2019 SW Regional Cyber Crime Unit, All rights reserved.

