DNS Open Resolver Attacks
DNS Stealth Attack Techniques
GARBAGE?
Common HTTP Exploits
Email Based Threats
100

Threat actors send an unsolicited email containing advertisements or malicious files. This type of email is sent most often to solicit a response, telling the threat actor that the email is valid and a user has opened the spam. 

Spam email

200

A DoS attack that consumes the resources of the DNS open resolvers.

DNS resource utilization attacks

200

What are the 3 types of false information a rogue server can provide?

Wrong default gateway 

Wrong DNS server 

Wrong IP address

200

Threat actors create email messages with a forged sender address that is meant to fool the recipient into providing money or sensitive information.  

Email spoofing

300

Threat actors send spoofed, falsified resource record (RR) information to a DNS resolver to redirect users from legitimate sites to malicious sites.

DNS cache poisoning attacks

300

Threat actors use this technique in malware to randomly generate domain names that can then be used as rendezvous points to their command and control (C&C) servers.

Domain Generation Algorithms

300

What are the two types of Cross-Site Scripting attacks?

Stored (persistent) 

Reflected (non-persistent)

300

Threat actors use the 302 Found HTTP response status code to direct the user’s web browser to a new location.

HTTP 302 Cushioning

300

Threat actors embed malicious content in business files such as an email from the IT department.

Attachment-based attacks

400

Threat actors use DoS or DDoS attacks on DNS open resolvers to increase the volume of attacks and to hide the true source of an attack. Threat actors send DNS messages to the open resolvers using the IP address of a target host. These attacks are possible because the open resolver will respond to queries from anyone asking a question.

DNS amplification and reflection attacks

400

Threat actors use this technique to hide their phishing and malware delivery sites behind a quickly-changing network of compromised DNS hosts. The DNS IP addresses are continuously changed within minutes.

Fast Flux

400

The (---) consists of inserting a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data, execute administration operations on the database, and sometimes, issue commands to the operating system.

SQL injection attack

400

An (---) is an HTML element that allows the browser to load another web page from another source.

Malicious iFrames

400

Threat actors take advantage of enterprise servers that are misconfigured as open mail relays to send large volumes of spam or malware to unsuspecting users.

Open mail relay server

500

Threat actors use this technique to rapidly change the hostname to IP address mappings and to also change the authoritative name server. This increases the difficulty of identifying the source of the attack.

Double IP Flux

500

When a threat actor wishes to create a (---), the threat actor must first compromise a domain. Then, the threat actor must create multiple subdomains of that domain to be used for the attacks.

Domain Shadowing

500

Threat actors can use text characters that are very similar or even identical to legitimate text characters. For example, it can be difficult to distinguish between an O (upper case letter O) and a 0 (number zero) or a l (lower case “L”) and a 1 (number one). These can be used in phishing emails to make them look very convincing. In DNS, these characters are very different from the real thing.

Homoglyphs
