{"id":27915,"date":"2019-07-18T19:00:00","date_gmt":"2019-07-18T19:00:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/worst-dns-attacks-and-how-to-mitigate-them\/"},"modified":"2019-07-18T19:00:00","modified_gmt":"2019-07-18T19:00:00","slug":"worst-dns-attacks-and-how-to-mitigate-them","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/worst-dns-attacks-and-how-to-mitigate-them\/","title":{"rendered":"Worst DNS attacks and how to mitigate them"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/08\/anonymous_faceless_hooded_mand_in_scary_halloween_mask_finger_to_lips_danger_threat_stealth_attack_hacker_hush_silence_warning_by_max_bender_cc0_via_unsplash_1200x800-100766358-large.3x2.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.<\/p>\n<p>DNS, known as the internet\u2019s phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the <a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/01\/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html\" rel=\"nofollow\">past year<\/a> or so indicate a worsening of the situation.<\/p>\n<p>IDC reports&nbsp;that 82% of companies worldwide have faced a DNS attack over the past year. 
The research firm recently published its fifth annual&nbsp;<a href=\"https:\/\/www.efficientip.com\/resources\/idc-dns-threat-report-2019\/\" rel=\"nofollow\">Global DNS Threat Report<\/a>, which is based on a survey IDC conducted on behalf of DNS security vendor&nbsp;EfficientIP of 904 organizations across the world during the first half of 2019.<\/p>\n<p>According to IDC&#8217;s research, the average costs associated with a DNS attack rose by 49% compared to a year earlier. In the U.S.,&nbsp;the average cost of a DNS attack tops out at more than $1.27 million. Almost half of respondents (48%) report losing more than $500,000 to a DNS attack, and nearly 10% say they lost more than $5 million on each breach. In addition, the majority of U.S. organizations say that it took more than one day to resolve a DNS attack.<\/p>\n<p>\u201cWorryingly, both in-house and cloud applications were damaged, with growth of over 100% for in-house application downtime, making it now the most prevalent damage suffered,\u201d IDC wrote. &#8220;DNS attacks are moving away from pure brute-force to more sophisticated attacks acting from the internal network. 
This will force organizations to use intelligent mitigation tools to cope with insider threats.&#8221;<\/p>\n<h2>Sea Turtle DNS hijacking campaign<\/h2>\n<p>An ongoing DNS hijacking campaign known as Sea Turtle is one example of what&#8217;s occurring in today&#8217;s DNS threat landscape.<\/p>\n<p>This month, <a href=\"https:\/\/www.talosintelligence.com\/\" rel=\"nofollow\">Cisco Talos<\/a> security researchers said the people behind the Sea Turtle campaign have been busy <a href=\"https:\/\/blog.talosintelligence.com\/2019\/07\/sea-turtle-keeps-on-swimming.html\" rel=\"nofollow\">revamping their attacks<\/a> with new infrastructure and going after new victims.<\/p>\n<p>In April, Talos released a <a href=\"https:\/\/blog.talosintelligence.com\/2019\/04\/seaturtle.html\" rel=\"nofollow\">report detailing<\/a> Sea Turtle and calling it the \u201cfirst known case of a domain name registry organization that was compromised for cyber espionage operations.\u201d Talos says the ongoing DNS threat campaign is a state-sponsored attack that abuses DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS.<\/p>\n<p>By obtaining control of victims\u2019 DNS, the attackers can change or falsify any data on the Internet and illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reports.&nbsp;<\/p>\n<p>The hackers behind Sea Turtle appear to have regrouped after the April report from Talos and are redoubling their efforts with new infrastructure&nbsp;\u2013 a move Talos researchers find to be unusual: \u201cWhile many actors will slow down once they are discovered, this group appears to be unusually brazen, and will be unlikely to be deterred going forward,\u201d Talos <a href=\"https:\/\/blog.talosintelligence.com\/2019\/07\/sea-turtle-keeps-on-swimming.html\" rel=\"nofollow\">wrote<\/a> in July.<\/p>\n<p>\u201cAdditionally, we discovered a new DNS hijacking technique that we assess with moderate confidence is connected to the actors behind Sea Turtle. This new technique is similar in that the threat actors compromise the name server records and respond to DNS requests with falsified A records,\u201d Talos stated.&nbsp;<\/p>\n<p>\u201cThis new technique has only been observed in a few highly targeted operations. 
We also identified a new wave of victims, including a country code top-level domain (ccTLD) registry, which manages the DNS records for every domain [that] uses that particular country code; that access was used to then compromise additional government entities. Unfortunately, unless there are significant changes made to better secure DNS, these sorts of attacks are going to remain prevalent,\u201d Talos wrote.<\/p>\n<h2>DNSpionage attack upgrades its tools<\/h2>\n<p>Another newer threat to DNS comes in the form of an attack campaign called <a href=\"https:\/\/www.networkworld.com\/article\/3390666\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.html\">DNSpionage<\/a>.&nbsp;<\/p>\n<p>DNSpionage initially used&nbsp;two malicious websites containing job postings to compromise targets via crafted Microsoft Office documents with embedded macros. The malware supported HTTP and DNS communication with the attackers. And the attackers are continuing to develop new assault techniques.<\/p>\n<p>\u201cThe threat actor&#8217;s ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors, and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization&#8217;s normal proxy or weblogs,\u201d <a href=\"https:\/\/blog.talosintelligence.com\/2019\/04\/dnspionage-brings-out-karkoff.html\" rel=\"nofollow\">Talos wrote<\/a>. 
\u201cDNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.\u201d<\/p>\n<p>The DNSpionage campaign targeted various businesses in the Middle East as well as United Arab Emirates government domains.<\/p>\n<p>\u201cOne of the biggest problems with DNS attacks or the lack of protection from them is complacency,\u201d said Craig Williams, threat intelligence outreach manager for Talos. Companies think DNS is stable and that they don\u2019t need to worry about it. \u201cBut what we are seeing with attacks like DNSpionage and Sea Turtle are kind of the opposite, because attackers have figured out how to use it to their advantage \u2013 how to use it to do damage to credentials in a way, in the case of Sea Turtle, that the victim never even knows it happened. And that\u2019s a real potential problem.\u201d<\/p>\n<p>If you know, for example, your name server has been compromised, then you can force everyone to change their passwords. But if instead they go after the registrar and the registrar points to the bad guy\u2019s name, you never knew it happened because nothing of yours was touched \u2013 that\u2019s why these new threats are so nefarious, Williams said.<\/p>\n<p>\u201cOnce attackers start using it publicly, successfully, other bad guys are going to look at it and say, \u2018hey, why don&#8217;t I use that to harvest a bunch of credentials from the sites I am interested in\u2019,\u201d Williams said.<\/p>\n<h2><strong>DNS security warnings grow<\/strong><\/h2>\n<p>The UK&#8217;s <a href=\"https:\/\/www.ncsc.gov.uk\/news\/ongoing-dns-hijacking-and-mitigation-advice\" rel=\"nofollow\">National Cyber Security Centre (NCSC)<\/a> issued a warning this month about ongoing DNS attacks, particularly focusing on DNS hijacking. 
It cited a number of risks associated with the uptick in DNS hijacking including:<\/p>\n<p><strong>Creating malicious DNS records.<\/strong> A malicious DNS record could be used, for example, to create a phishing website that is present within an organization\u2019s familiar domain. This may be used to phish employees or customers.<\/p>\n<p><strong>Obtaining SSL certificates.<\/strong> Domain-validated SSL certificates are issued based on the creation of DNS records; thus an attacker may obtain valid SSL certificates for a domain name, which could be used to create a phishing website intended to look like an authentic website, for example.<\/p>\n<p><strong>Transparent proxying.<\/strong> One serious risk employed recently involves transparently proxying traffic to intercept data. The attacker modifies an organization\u2019s configured domain zone entries (such as \u201cA\u201d or \u201cCNAME\u201d records) to point traffic to their own IP address, which is infrastructure they manage.<\/p>\n<p>\u201cAn organization may lose total control of their domain and often the attackers will change the domain ownership details making it harder to recover,\u201d the NCSC wrote.<\/p>\n<p>These new threats, as well as other dangers, led the U.S. government to issue a warning earlier this year about DNS attacks on federal agencies.&nbsp;<\/p>\n<p>The Department of Homeland Security\u2019s Cybersecurity and Infrastructure Security Agency (CISA) told all federal agencies to bolt down their DNS in the face of a series of global hacking campaigns.<\/p>\n<p>CISA said in its <a href=\"https:\/\/cyber.dhs.gov\/ed\/19-01\/\" rel=\"nofollow\">Emergency Directive<\/a> that it was tracking a series of incidents targeting DNS infrastructure. 
CISA wrote that it \u201cis aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.\u201d<\/p>\n<p>CISA says that attackers have managed to intercept and redirect web and mail traffic and could target other networked services. The agency said the attacks start with compromising user credentials of an account that can make changes to DNS records.&nbsp; Then the attacker alters DNS records, like Address, Mail Exchanger, or Name Server records, replacing the legitimate address of the services with an address the attacker controls.<\/p>\n<p>These actions let the attacker direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection, CISA stated.&nbsp;<\/p>\n<p>\u201cBecause the attacker can set DNS record values, they can also obtain valid encryption certificates for an organization\u2019s domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings,\u201d CISA stated.<\/p>\n<h2><strong>Get on the DNSSEC bandwagon<\/strong><\/h2>\n<p>\u201cEnterprises that are potential targets \u2013 in particular those that capture or expose user and enterprise data through their applications \u2013 should heed this advisory by the NCSC and should pressure their DNS and registrar vendors to make DNSSEC and other domain security best practices easy to implement and standardized,\u201d said Kris Beevers, co-founder and CEO of DNS security vendor <a href=\"https:\/\/ns1.com\/\" rel=\"nofollow\">NS1<\/a>. \u201cThey can easily implement DNSSEC signing and other domain security best practices with technologies in the market today. 
At the very least, they should work with their vendors and security teams to audit their implementations.\u201d<\/p>\n<p>DNSSEC was in the news earlier this year when in response to increased DNS attacks, the Internet Corporation for Assigned Names and Numbers (ICANN) called for an intensified community effort to install stronger DNS security technology.&nbsp;<\/p>\n<p>Specifically, ICANN wants full deployment of the Domain Name System Security Extensions (<a href=\"https:\/\/www.icann.org\/resources\/pages\/dnssec-qaa-2014-01-29-en\" rel=\"nofollow\">DNSSEC<\/a>) across all unsecured domain names. DNSSEC adds a layer of security on top of DNS. Full deployment of DNSSEC ensures end users are connecting to the actual web site or other service corresponding to a particular domain name, ICANN said. \u201cAlthough this will not solve all the security problems of the Internet, it does protect a critical piece of it \u2013 the directory lookup \u2013 complementing other technologies such as SSL (https:) that protect the \u2018conversation\u2019, and provide a platform for yet-to-be-developed security improvements,\u201d ICANN stated.<\/p>\n<p>DNSSEC technologies have been around since about 2010 but are not widely deployed, with less than 20% of the world\u2019s DNS registrars having deployed it, according to the regional internet address registry for the Asia-Pacific region&nbsp;(<a href=\"https:\/\/www.apnic.net\/\" rel=\"nofollow\">APNIC<\/a>).<\/p>\n<p>DNSSEC adoption has been lagging because it was viewed as optional and can require a tradeoff between security and functionality, said NS1&#8217;s Beevers.<\/p>\n<h2><strong>Traditional DNS threats<\/strong><\/h2>\n<p>While DNS hijacking may be the front line attack method, other more traditional&nbsp;threats still exist.&nbsp;<\/p>\n<p>The IDC\/EfficientIP study found most popular&nbsp;DNS&nbsp;threats have changed compared with last year. 
Phishing (47%) is now more popular than last year\u2019s favorite, DNS-based malware (39%), followed by DDoS attacks (30%), false positive triggering (26%), and lock-up domain attacks (26%).<\/p>\n<p>Experts say DNS cache poisoning, or DNS spoofing, is also still quite common. Using cache poisoning, attackers inject malicious data into DNS resolver\u2019s cache systems in an attempt to redirect users to the attacker\u2019s sites. They then can steal personal information or other intelligence.<\/p>\n<p>DNS tunneling, which uses DNS to present a hidden communication channel that can then bypass a firewall, is another attack threat.<\/p>\n<p>Palo Alto\u2019s Unit 42 security researchers have detailed one of the most well-known DNS tunneling attacks: OilRig.<\/p>\n<p><a href=\"https:\/\/www.bankinfosecurity.com\/leak-exposes-oilrig-apt-groups-tools-a-12397\" rel=\"nofollow\">OilRig<\/a> delivered Trojans that use DNS tunneling for command and control in attacks used to steal data since at least May 2016. 
Since then, the threat group has introduced new tools using different tunneling protocols to their tool set, according to Unit 42&#8217;s&nbsp;<a href=\"https:\/\/unit42.paloaltonetworks.com\/dns-tunneling-in-the-wild-overview-of-oilrigs-dns-tunneling\/\" rel=\"nofollow\">blog post about OilRig<\/a>.&nbsp;<\/p>\n<p>\u201cThe OilRig group has repeatedly used DNS tunneling as a channel to communicate between their C2 servers and many of their tools,\u201d Unit 42 stated.&nbsp;<\/p>\n<p>&#8220;One major drawback of using DNS tunneling is the high volume of DNS queries issued to transmit data back and forth between the tool and the C2 server, which may stand out to those monitoring DNS activity on their networks,&#8221; Unit 42 researchers noted.<\/p>\n<h2><strong>DNS attack mitigation<\/strong><\/h2>\n<p>There are a number of things enterprises can do to keep most of these attacks at bay, experts say.<\/p>\n<p>The biggest thing users can do is implement two-factor authentication, Talos\u2019 Williams said. &#8220;It\u2019s easy to implement and everyone understands what it is and no one is surprised by it anymore. Companies should also patch any sites that are public facing \u2013 we are well beyond the \u2018well, let\u2019s hope they just don\u2019t find us&#8217; world \u2013 it doesn\u2019t work.&#8221;<\/p>\n<p>There are scores of other suggested DNS security best practices. 
We&#8217;ve compiled some here, beginning with those from&nbsp;Homeland Security\u2019s Cybersecurity and Infrastructure Security Agency (CISA).<\/p>\n<p>READ MORE <a href=\"https:\/\/www.networkworld.com\/article\/3409719\/worst-dns-attacks-and-how-to-mitigate-them.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\nThe Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated. DNS, known as the internet\u2019s phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the past year or so indicate a worsening of the situation.<\/p>\n","protected":false},"author":2,"featured_media":27916,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[762,307],"class_list":["post-27915","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-networking","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Worst DNS attacks and how to mitigate them 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/worst-dns-attacks-and-how-to-mitigate-them\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Worst DNS attacks and how to mitigate them 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/worst-dns-attacks-and-how-to-mitigate-them\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-18T19:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/07\/worst-dns-attacks-and-how-to-mitigate-them.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Worst DNS attacks and how to mitigate them\",\"datePublished\":\"2019-07-18T19:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/\"},\"wordCount\":2158,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/worst-dns-attacks-and-how-to-mitigate-them.jpg\",\"keywords\":[\"Networking\",\"Security\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/\",\"name\":\"Worst DNS attacks and how to mitigate them 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/worst-dns-attacks-and-how-to-mitigate-them.jpg\",\"datePublished\":\"2019-07-18T19:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/worst-dns-attacks-and-how-to-mitigate-them.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/worst-dns-attacks-and-how-to-mitigate-them.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/worst-dns-attacks-and-how-to-mitigate-them\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Networking\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/networking\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"nam
e\":\"Worst DNS attacks and how to mitigate them\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"
height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27915","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=27915"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/27915\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/27916"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=27915"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=27915"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=27915"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}