DNS Hijacking is one of the most common recent threats. In it, attackers subvert the resolution of Domain Name System (DNS) queries and redirect a victim machine to malicious websites for nefarious activities.

Studies say that attackers can also perpetrate DNS Hijacking while emails are being transported from one mail server to another, and thus steal sensitive data transferred through those emails.

Let's understand in detail how this is possible.
What is a DNS Hijacking Attack?
When we type a URL in the address bar of the browser, the computer sends a DNS query to the appropriate DNS servers and resolves the IP address of the required website.

In DNS Hijacking, the attacker infects the computer with malware and changes the DNS settings of the computer, such that when a DNS query is made, a rogue DNS server controlled by the attacker is contacted instead of a legitimate one. As a result, whenever any URL is typed, the victim computer ends up sending the DNS query to the DNS server controlled by the attacker, and a malicious IP address is returned. Thus, the victim computer ends up visiting a malicious website controlled by the attacker.

Now the attacker can spread malware through that website, or steal sensitive data from the user to perpetrate a phishing attack later.
You can find more information on DNS Hijacking in DNS Hijacking.
How can attackers perpetrate a DNS Hijacking Attack to steal sensitive data transferred over emails?
Let's first understand how emails are transported from one mail server to another.

Suppose Alice, with the email address alice@source.com, wants to send an email to Bob, who has the email address bob@destination.com.

When Alice sends the email, the mail server of Alice's mail provider will try to find out the IP address of the mail server of Bob's mail provider.

To do that, the source mail server asks the DNS server for the DNS MX record of the domain destination.com. An MX record is a specific type of DNS record that tells the sender which mail server accepts email for the domain, and hence where the email should be sent.

The DNS server then responds with the IP address for the domain destination.com, and the source mail server sends the email to that IP address.

In DNS MX Record Hijacking, the attacker compromises the DNS server that is used by the source mail server. As a result, the IP address of a server controlled by the attacker is returned instead of that of the domain destination.com.

The source mail server cannot detect the trick, and it ends up sending the email to the attacker's server.

The attacker can now read the email and steal the sensitive information transferred through it. And, to make the attack invisible, after stealing the information the attacker forwards the email to the mail server of Bob's mail provider.
How can we safeguard ourselves?
SMTP STS is a recent technology which can be used effectively to prevent this attack. SMTP STS, or SMTP Strict Transport Security, is a policy that ensures secure SMTP sessions over TLS.

You will find more information on this policy here: SMTP STS
Using DNSSEC, or Domain Name System Security Extensions, is another possible option to mitigate this attack.

In DNSSEC, responses from DNS servers are validated with digital signatures and cryptographic keys. As it will not be possible for attackers to duplicate the cryptographic keys, it will be very difficult for them to carry out DNS MX Record Hijacking, thus preventing the attack altogether.
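To show how the SMTP STS policy check defeats the hijacked MX answer described above, here is an added example (not code from the original post or from any mail server). It assumes the policy text format of MTA-STS (RFC 8461, the standardised form of the SMTP STS draft): the sending server only connects to MX hosts that match one of the policy's `mx:` patterns, so an attacker-controlled host returned by a compromised DNS server is rejected in `enforce` mode. The policy and the DNS answers are constructed sample data.

```python
from typing import Dict, List

# Constructed sample policy, as a sending mail server would fetch it over HTTPS
# from https://mta-sts.destination.com/.well-known/mta-sts.txt (hypothetical host).
POLICY_TEXT = """\
version: STSv1
mode: enforce
mx: mail.destination.com
mx: *.backup.destination.com
max_age: 86400
"""

def parse_policy(text: str) -> Dict:
    """Parse 'key: value' lines; 'mx' may repeat, so it is collected in a list."""
    policy: Dict = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    return policy

def mx_matches(pattern: str, host: str) -> bool:
    """RFC 8461 matching: '*.' covers exactly one leftmost label, else exact match."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # ".backup.destination.com"
        label = host[:-len(suffix)] if host.endswith(suffix) else ""
        return bool(label) and "." not in label
    return host == pattern

def deliverable_mx(policy: Dict, mx_answer: List[str]) -> List[str]:
    """Filter the MX hosts from a DNS answer down to those the policy permits."""
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") != "enforce":
        return list(mx_answer)   # 'testing' / 'none': deliver as usual, only report
    return [h for h in mx_answer if any(mx_matches(p, h) for p in policy["mx"])]

if __name__ == "__main__":
    policy = parse_policy(POLICY_TEXT)
    print(deliverable_mx(policy, ["mail.destination.com"]))   # legitimate answer
    print(deliverable_mx(policy, ["mx.attacker.example"]))    # hijacked answer: []
```

With the hijacked answer the permitted list is empty, so an enforcing sender refuses to deliver to the attacker's server instead of silently handing over the email; the TLS certificate of the chosen MX host is additionally required to match its name.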
Read More
Infographic : How to sign and encrypt emails using PGP ?
What is PGP or Pretty Good Privacy ?
How are S/MIME and PGP different from each other in encrypting emails ?
How can Bitmessage be used to send encrypted messages ?
What is SMTP Strict Transport Security ?
How can attackers perpetrate TLS Downgrade Attack to steal sensitive data transferred over emails ?