DNS-Messenger

We’re used to hackers using conventional attack strategies and, because we can defend against these, hackers are now looking for more discreet attack methods.

And, just recently, hackers have been looking to exploit routes in and out of our PCs which are not usually monitored for malicious activity. It makes sense for hackers to seek out these poorly defended access points as, for hackers, the best hack is an easy hack.

For businesses, though, it raises a lot of questions on just how in-depth and conscientious your security efforts need to be; in order to help you understand the situation and nature of these attacks, I’m going to discuss the DNSMessenger threat.

DNS as a Means of Attack

The Domain Name System (DNS) is the method by which the domain name of a website, computer or network is converted into an IP address, a numerical code that can be recognized by PCs. For example, one of the many IP addresses for Google is 74.125.224.72.

Now, as DNS helps PCs to communicate with many other systems, it provides a very useful route for hackers to breach defenses. Thankfully, it’s very difficult for hackers to hack directly into the DNS channels, but by using a malware exploit they can gain access. And it’s all part of a trend in the evolution of malware.

Users are prompted, through an email phishing campaign, to download a Microsoft Word document containing malicious code, which sets the attack in motion. The malicious payload is written in PowerShell, a language which allows administration tasks to be automated. It’s at this point that the hackers can identify user privileges and plan the next step of the attack, which utilizes the DNS.

Using the DNS, hackers are able to send commands directly to the user’s system and effectively have free rein over that system. What’s particularly deceptive (and clever) about this attack method is that it’s very difficult to monitor; few systems monitor DNS traffic, and PowerShell operates purely in the system’s memory rather than relying on external files, which are easily identifiable.
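To make the monitoring gap concrete, here is an added example (not part of the original article) of a simple check over DNS query logs that flags a PC repeatedly looking up long, random-looking names under a single domain. The log format, the sample hosts and domains, the thresholds and the focus on TXT queries are all assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample log, one query per line: "<client_ip> <qtype> <qname>".
# The log format, hosts and domains are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.5 A www.google.com
10.0.0.5 TXT example.org
10.0.0.7 TXT k3j4h5g6f7d8s9a0p1o2.other.example
10.0.0.9 TXT a9f3k2lq0zx8v7b1n4m6.cdn-sync.example
10.0.0.9 TXT q7w1e9r3t5y2u8i4o6p0.cdn-sync.example
10.0.0.9 A intranet.corp.example
10.0.0.9 TXT z1x2c3v4b5n6m7a8s9d0.cdn-sync.example
"""

def shannon_entropy(text):
    """Bits per character; random-looking labels score higher than words."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def parent_domain(qname):
    """Naive registrable domain: the last two labels (ignores public suffixes)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def flag_dns_channels(log_text, qtypes=("TXT",), min_hits=3,
                      min_label_len=16, min_entropy=3.5):
    """Return {(client, parent_domain): hits} for clients that repeatedly
    query long, high-entropy leftmost labels under one parent domain."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        client, qtype, qname = parts
        label = qname.split(".")[0]
        # Length is tested first, so entropy is never computed on an empty label.
        if (qtype.upper() in qtypes and len(label) >= min_label_len
                and shannon_entropy(label) >= min_entropy):
            hits[(client, parent_domain(qname))] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for (client, domain), n in flag_dns_channels(SAMPLE_LOG).items():
        print(f"{client}: {n} suspicious lookups under {domain}")
```

The single ordinary TXT lookup and the one-off long label stay below the thresholds, so only the host that keeps returning to the same domain is reported.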

Combatting DNS Attacks

Whilst there are niche software solutions that can help protect businesses from DNS attacks, the simplest solution is educating your staff on the telltale signs of malware and phishing:

  • If you do not recognize an email address then, under no circumstances, click on any links or files contained within the email. And, even if you do recognize the sender’s email address, run a quick audit on the email’s content, as the sender’s account could have been hacked: badly worded and poorly formatted emails are often a sign of a hacked account.
  • The DNSMessenger attack is only able to unleash its payload once the infected Word document is opened and the recipient clicks on the pop-up window prompting them to “Enable Content”. By enabling the content, the recipient is unwittingly giving permission for their system to be hacked, so always treat this request with suspicion.

These preventative methods are fairly simple but, due to the volume of emails people receive these days, there doesn’t seem to be the time to carry out these quick checks. However, with hackers taking their attacks in new directions which are incredibly difficult to monitor, a few seconds’ thought could save your systems from a nasty attack.