From a layperson’s perspective, it’s easy to think that it’s the likes of Amazon Web Services, Google, or some other big-name company or service that’s most responsible for keeping the internet running smoothly.
In fact, it’s the Domain Name System (DNS) that users have to thank for the internet working the way that it does. DNS functions as a phone book for the internet: it connects the text-based addresses entered by users with the numerical, machine-readable Internet Protocol (IP) addresses needed to locate the website in question.
Everyone reading this (particularly if they remember the pre-smartphone days in which users had to physically type in numbers to call them) will have experienced dialling the wrong number and, instead of the buddy or business they hoped to reach, being patched through to a total stranger. The equivalent of this when it comes to DNS is a range of tactics that seek to take advantage of the way users look up websites — and exploit mistakes made along the way.
These techniques, which are getting more common all the time, are a reminder of why precautionary measures — ranging from basic precautions by businesses to protective measures such as DNSSEC, a suite of extensions designed to improve DNS security — are more important than ever.
How typo-squatting works
Typo-squatting is one recurring — and recurringly damaging — way attackers may try to impersonate companies and brand names. In typo-squatting, attackers register a domain name that looks deceptively similar to that of a legitimate service. As its name implies, this behavior is designed to capitalize on typos when users are entering a web address.
For example, “Amazom” instead of Amazon. Since the letters “N” and “M” are next to each other on the keyboard, this hypothetical example could lead a would-be Amazon shopper to a fraudulent webpage instead. Since Amazon has in the vicinity of 300 million active monthly users and well over a billion monthly page views, if only a minuscule fraction were to misspell Amazon in this way, it could still translate to web traffic for a spoof page that would exceed the wildest dreams of most web pages.
Although this Amazom example is made up for illustrative purposes, instances of similar scale have been reported in the past. One early case of typo-squatting, dating back to around 2006, involved Goggle instead of Google. Other variations on the typo-squatting concept can involve misspellings (such as Faceboook.com or wwwfacebook.com), wrong domain extensions (such as substituting a .org in place of a .com), use of hyphens (like “Face-book” instead of Facebook), and more.
The dangers of typo-squatting
There is a chance that typo-squatting is being used simply to create a parody joke site. Other times, those who register these addresses do so for what is known as domain parking, meaning that they register a popular alternative version of a web address and then try to sell it to the legitimate company in question. But many others are more sinister than that, using the technique to spread malware or carry out phishing attacks in an attempt to steal login credentials and other sensitive data.
According to one recent report, an average of 1,100 fake websites get registered each year against individual organizations. In the first four months of 2021 alone, upwards of 175,000 domains in this category were raised in sectors including financial services, technology, food and beverage industries, insurance and healthcare, and others. Financial services remains the most commonly targeted sector, with around 20% of these fraudulent websites.
More sophisticated attacks
Attacks are becoming more sophisticated, too. For example, DNS spoofing involves attackers hijacking a DNS resolver’s cache, causing users who visit a particular website to receive incorrect IP addresses, so that they end up viewing the attackers’ malicious website rather than the one they intended to visit.
According to another recent study, cyber attacks targeting DNS, aimed at organizations in the Asia-Pacific region, increased by 15% last year. This led to unwanted downtime, the loss of customer information, and more. It’s not just the Asia-Pacific region, either. Like all cyber attacks, these strategies are becoming increasingly commonplace.
There isn’t a single solution when it comes to defending against all of these attacks. It is highly advisable that companies wanting to safeguard against typo-squatting register “0” variants of their website (in other words, the letter “o” swapped out with a zero symbol), as well as their web address with www before it (wwwyourcompanyname), hyphenated and non-hyphenated versions, and as many domain extensions and misspellings as are feasible.
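The variant types described above (adjacent-key typos, doubled letters, a missing dot after www, hyphens, wrong extensions) and the defensive registrations recommended here can be enumerated mechanically to build a registration or monitoring list. The following is an added example, not part of the original article; the function names, the same-row keyboard map and the choice of alternate extensions are assumptions made for illustration.

```python
# Added example: enumerate look-alike domains a brand owner may want to
# register or monitor. Names and the keyboard map are constructed.

# Assumption: US QWERTY layout, same-row neighbours only.
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def adjacent_keys(ch):
    """Return the keys directly left and right of ch on its keyboard row."""
    for row in ROWS:
        i = row.find(ch)
        if i != -1:
            return [row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)]
    return []


def defensive_variants(name, tld="com", other_tlds=("org", "net")):
    """Map each candidate domain to the technique that produced it."""
    out = {}

    def add(label, technique, ext=tld):
        if label != name or ext != tld:  # never list the real domain
            out.setdefault(f"{label}.{ext}", technique)

    add("www" + name, "missing dot after www")
    for i, ch in enumerate(name):
        if ch == "o":
            add(name[:i] + "0" + name[i + 1:], "zero for letter o")
        add(name[:i] + ch + name[i:], "doubled letter")
        for near in adjacent_keys(ch):
            add(name[:i] + near + name[i + 1:], "adjacent key")
        if i > 0:
            add(name[:i] + "-" + name[i:], "hyphenation")
    for ext in other_tlds:
        add(name, "wrong domain extension", ext)
    return out


if __name__ == "__main__":
    for domain, technique in sorted(defensive_variants("facebook").items()):
        print(f"{domain:22} {technique}")
```

The resulting list can be compared against registrar availability or newly observed domain feeds to decide which variants to register and which to watch.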
Seek out expert help
Things become more complicated when more sophisticated DNS attacks are involved. Seeking out cyber security experts to provide DNSSEC tools that can protect against attacks such as data exfiltration performed via DNS is a very important — and increasingly necessary — step to take.
Cyber attackers are constantly on the lookout for new ways to cause havoc, often by abusing the same protocols that make the internet work. Knowing what these are, and taking steps to mitigate them, is in the best interests of every organization out there.