(also DNS poisoning or DNS redirection)
DNS hijacking definition
Domain name system (DNS) hijacking, also called DNS redirection or DNS poisoning, is an attack during which DNS queries are resolved incorrectly to redirect users to unsafe sites. Hackers usually perform DNS hijacking attacks by installing malware on users’ computers, taking over routers, or intercepting DNS communication.
DNS hijacking types
- Local DNS hijack. The attackers install trojan malware on the user’s computer and change local DNS settings to redirect to malicious sites.
- Router DNS hijack. Most routers have default firmware and passwords. Router DNS hijack is when attackers take over a router and overwrite its DNS settings, putting users connected to that router at risk.
- Man-in-the-middle DNS attack. This attack occurs when attackers intercept communication between a DNS server and a user, providing a different destination IP address pointing to a malicious site.
- Rogue DNS server. This attack occurs when attackers hack a DNS server and change DNS records to redirect requests to malicious sites.
How to prevent DNS hijacking
- Don’t click on suspicious links. Avoid clicking on links from unfamiliar people or sources.
- Use reliable antivirus software. Trustworthy antivirus software will neutralize threats before they can damage your devices.
- Use a VPN to encrypt your traffic. Encryption prevents hackers from snooping on your sensitive data.
- Change your router password. The default password is easy to crack.