Usually your Domain Name System (DNS) is connected to your ISP. But sometimes attackers seek to hijack your settings to redirect you to malicious sites on the internet. Therefore, DNS hijacking can used for phishing attacks, when the domain name of the targeted site is redirected by the rogue DNS server to a web server controlled by a hacker. The attacker is hoping the person will then enter their log in credentials which can subsequently be stolen.
DNS hijacking is a “serious matter”, “If the router is hacked – and the DNS settings are modified – the cybercriminals can effectively direct your traffic to malicious servers: instead of visiting a clean site, you’ll be visiting a compromised one.
“It’s safe to say, this will result in your privacy being compromised and could lead to a host of serious issues, including identify theft, as well as capturing sensitive information such as banking details.”
How to secure your router
This type of attack is becoming more prevalent. It’s therefore important to secure your router – but doing so doesn’t have to be complex. If you are using one of these older router models, it really is time to think about getting a new one – which should be free from your ISP.
You can also look at your router’s DNS settings to check if they’ve been tampered with. “Typically, your DNS servers should be set to the ones provided by your ISP or well-known public DNS resolvers.
Routers are increasingly being targeted and in general, it’s really important to ensure your home router’s firmware is up-to-date.
“Typically, routers are forgotten about in the home, ”Patches are sent out routinely and are available for a reason”. People tend to leave router and admin passwords default so when it comes to system patches, they are obsolete from the start.
“An attacker could exploit this particular vulnerability by conducting a man-in-the-middle attack which is a classic way to target people’s personal data and credentials. One simple thing to remember is ‘patch, protect or pay’.”
It goes without saying that you should change the default username and passwords on any new router, as soon as you receive it. If you haven’t done this – and even if your device appears fine or isn’t among those targeted – you need to do so now.
As far as email phishing is concerned, always be vigilant. Avoid clicking links if you aren’t sure of the source: hover your mouse over them to see where they lead.
“Keep your eyes peeled for any websites that might be untrustworthy. Stay alert – if you’re accessing a website you’re familiar with, keep an eye out for unusual pop-ups or anything that seems out of place.”