DNS servers from multiple Brazilian ISPs were compromised to direct users to malicious websites

Security researchers from antivirus vendor Kaspersky Lab warn that cybercriminals hacked into the DNS (Domain Name System) servers of several Brazilian ISPs and used them to redirect users to websites that distributed malware.

These attacks have occurred in the last few days, but they are not new to the region, according to Kaspersky Lab experts. “We believe it’s not the last time this happens in Brazil and in the future we’ll see more attacks like this,” said Dmitry Bestuzhev, the head of Kaspersky’s global research and analysis team.

“This kind of attack may happen in any place of the world and basically take place because of vulnerabilities on the ISP side. The only thing which can be done in this case from the ISP side is to make sure that all DNS servers are really protected,” he added.

The DNS is a core part of the Internet infrastructure and is used for translating domain names into IP (Internet Protocol) addresses.
Every time users try to access a website in their browser, their computer queries a DNS server — usually one provided by their ISP — for the corresponding IP address.

The latest incidents involved hackers modifying the DNS records returned by ISP servers for popular websites, including Google Brazil, YouTube, Gmail, Hotmail and several large Brazilian Internet portals like Uol, Terra or Globo.

Instead of responding with the correct IPs corresponding to those domains, the hijacked DNS servers returned the address of a Web server hosting spoofed pages that distributed Java exploits and banking Trojans.

Bestuzhev declined to name the affected ISPs, citing security reasons, but said that those behind the attacks most likely exploited vulnerabilities in the DNS software used by the compromised servers.

DNSSEC, a security extension that uses digital signatures to verify the authenticity of DNS responses, is a solution against some of these attacks and should be adopted by all ISPs, the Kaspersky security expert said. However, he didn’t know if any of the affected servers used the technology.

There are different types of DNS poisoning attacks, and aside from software vulnerabilities, rogue server administrators are also a threat. Last week, the Brazilian Federal Police arrested the employee of a medium-sized ISP who used his access to the company’s DNS servers to manually modify records for certain websites and direct users to phishing pages.

The best solution for users who want to protect themselves from such attacks is to use alternative DNS servers, like those provided by Google and other specialized organizations, Bestuzhev said.

However, it’s better if users configure each of their computers individually to use the alternative DNS servers instead of defining them in their home routers. That’s because there are also attacks that exploit vulnerabilities in such networking devices to replace the configured DNS servers with others controlled by hackers.
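The check below is an added example, not part of the original article: it reads resolv.conf-format text and reports whether a host sends its DNS queries to resolvers set on the machine itself or to a router or LAN address, which is the distinction the last paragraph draws. The `TRUSTED_RESOLVERS` set, the category names and both sample files are assumptions constructed for the illustration.

```python
import ipaddress

# Assumption: the resolvers this host is meant to use (Google Public DNS here).
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

# Constructed samples in resolv.conf format.
SAMPLE_ROUTER = """# constructed: settings handed out by a home router
search home.lan
nameserver 192.168.1.1
nameserver fe80::1%eth0
"""
SAMPLE_PINNED = """; constructed: resolvers configured on the host itself
nameserver 8.8.8.8
nameserver 8.8.4.4
options timeout:2
"""

def parse_nameservers(text):
    """Return the nameserver addresses in file order, skipping comments."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", ";")):
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server):
    """Say where queries sent to this nameserver go first."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(ip) in TRUSTED_RESOLVERS:
        return "trusted"
    if ip.is_loopback:
        return "local-stub"       # e.g. 127.0.0.53: check the stub's upstream too
    if ip.is_private or ip.is_link_local:
        return "router-or-lan"    # answers depend on the router's DNS settings
    return "public-unlisted"      # public address that is not on the allowlist

def audit(text):
    """Return ([(server, category), ...], ok); ok only if every entry is trusted."""
    results = [(s, classify(s)) for s in parse_nameservers(text)]
    return results, bool(results) and all(c == "trusted" for _, c in results)

if __name__ == "__main__":
    for name, sample in (("router", SAMPLE_ROUTER), ("pinned", SAMPLE_PINNED)):
        print(name, audit(sample))
```

On a real Linux host, pass the contents of `/etc/resolv.conf` to `audit`; a `local-stub` result means the upstream servers are configured in the local stub resolver and have to be checked there.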