How to deal with domain name hacking
The Covid-19 pandemic has come with many lessons for Kiwi SMEs, one of the most important being the need for a strong online presence to reach customers when you can’t trade face to face.
But with the renewed push into online trading, comes more risk in terms of exposure to hacking and one of the targets is a website’s domain name.
Imagine for a moment: you’re busy making a roaring trade online when suddenly all your traffic disappears. Later you find out that your domain has been infiltrated by hackers. Now all your customers are being redirected to a fake website and tricked into revealing their login details or credit card information!
Sounds far-fetched? This was just such the case in 2016, when hackers redirected all traffic from a Brazilian bank’s domains. For up to six hours, visitors were directed to an imitation website that attempted to steal their information and install malware on their computers.
Whilst you may not be a data-rich national bank, your domain is your digital identity and an essential business asset. It’s critical you take the right steps to protect it.
What’s in a name?
To understand the vulnerabilities of your domain name, it’s handy to first have an idea of how the domain name system (DNS) works.
The DNS protocol was created to make the internet more human friendly. Basically It converts the string of numbers in an IP address (for example 18.104.22.168) that computers use to communicate over the internet, into a more interesting and easier to remember domain name—for example www.thisisme.com.
The DNS system has been around since the beginning of all things cyber, and whilst it’s a robust system, it lacks certain security protocols to match today’s world of sophisticated hacking and cyber-attacks.
And of course, hackers are only too happy to exploit these weaknesses.
DNS Hijacking, how does it happen?
DNS hijacking occurs when hackers take control of, or manipulate, your Domain or DNS information, so that your visitors are redirected to a different IP address and, essentially, a website that’s not your own.
And, if the fake site is a close enough replica, there’s often no way for the user to know they are being scammed.
There are a couple of ways DNS Hijacking can happen:
- Unlawful access to your domain registration account
If hackers can obtain your login credentials for your domain registration, they can take control of your domain and point it to DNS servers of their choice.
Worse still, they can even transfer ownership of your domain to a different registrar and make retrieving it a complex nightmare. Some companies who have fallen prey to this, have ended up having to change their domain name entirely.
Hackers use a few methods to steal your login information:
Phishing is the common scam we all know and love (not!) that uses unsolicited emails to try and infect your computer with malware or ransomware, or to get you to hand over sensitive information.
Remember that prize you won from contdown.uio.ajh? All you had to do was enter your details to redeem your winnings? The one you instantly reported as spam (hopefully)?
Hackers might send you an email imitating your domain registrar (the company with whom you registered your domain) that encourages you to click on a link and log into your account to check for suspicious activity.
If you then clicked on their link, you would be taken to their website that would record any login credentials you enter.
Hackers can also target the company with which you’ve registered your domain. Specifically, they may attack your password with code-cracking software, or try to trick the registrar’s technical support team into giving them access to your account.
- DNS Cache Poisoning
DNS caching is a process that speeds up the performance of the internet. Whenever you browse online, visit websites, send emails etc., your computer is more than likely using DNS data cached from somewhere on the network.
Without going into too much detail, the way these caches work can make them vulnerable to ‘poisoning’ attacks.
What this means is that hackers can inject false DNS information into caches which will then redirect computers to hacker-controlled websites. And your internet browser will be non-the-wiser.
Protecting your business
After reading to this point, you may be forgiven for thinking that the only safe way to proceed is to abort your online proceedings and head back to bricks and mortar!
But fear not. These potential threats, like most cybersecurity issues, can be mitigated by following certain security protocols.
Firstly, pick your domain name registrar wisely
Picking a registrar that offers key security protocols is one of the most important steps you can take in protecting your domain name.
Here are some features to look for in a registrar:
- ICANN Accredited
ICANN (Internet Corporation for Assigned Names and Numbers) is the governing body that coordinates the IP addresses for domain names across the world. If you have any disputes over domain ownership, they are your first port of call.
You can view a list of accredited registrar here.
- Support for DNSSEC
DNSSEC (Domain Name System Security Extensions) is a protocol that helps to authenticate and secure communications between DNS servers, thus dramatically reducing the risk of cache poisoning.
It is optional, so make sure your registrar offers it and that you have it selected.
- Registry locks
Placing your domain name under a Registrar-Lock means that your registration information and DNS configuration can’t be viewed, accessed, or changed unless you unlock it.
- Multi-factor authentication (MFA)
Protect your account with more than just a password. MFA requires you to input extra information, for example a code sent to your mobile phone, when you want to access your account.
- Domain auto-renewal
Not all domains are stolen, if your registration expires then your domain will be available for someone else to grab. Make sure you can enable a domain auto-renew to ensure your ownership in the long term.
Create robust security practices—and follow them!
Now it’s over to you. Make sure you integrate security procedures into your working routine and ensure your staff follow them too.
- Keep your domain registration account details secure and up to date
Make sure these account details are only available to the staff who need them in order to do their job, and that access details, especially passwords, get changed when staff leave.
- Protect your account with strong passwords
Try to use long passwords that are a mix of upper and lower case letters, numbers, and symbols. Make sure they have no ties to your personal information and use no dictionary words.
- Train your staff!
Your staff can be your greatest line of defence—or your weakest. It’s essential that they know how to spot a domain phishing attack and are aware of potential threats.
Taking measures to secure your domain may seem like just one more thing on your endless to-do list, but don’t underestimate the importance of your domain when it comes to your brand and business identity.
Protecting it as you would any other sensitive business information, can save you from the loss of earnings and reputation that go hand-in-hand with domain hijacking.
And while you’re in the mindset of future proofing your ability to do business online, it’s worth considering if of your internet connection is up to the task of doing more things digitally. Business grade fibre connections offer some of the best connectivity available with features that include prioritised data. To find out what suits your business go to our broadband assessment tool.