DNS Attack on Yandex – Can It Happen to You?

Last week, Russian media was hit with news about massive DNS (Domain Name System) attacks on Yandex, the country’s biggest technology company and local giant of internet search – essentially, the Google of Russia. The network attacks exploited vulnerabilities in the block-list system of Roskomnadzor, Russia’s state censor, that the government uses to ban sites that don’t comply with laws and regulations. The hackers hijacked DNS servers and domain registrars to direct traffic away from legitimate Yandex websites to IP addresses that have been blacklisted.

Over the past five years, vulnerabilities in Roskomnadzor’s blocking system have been repeatedly exploited, with a large wave of attacks taking place in 2017. Because of this, some Russian internet providers use DPI (Deep Packet Inspection) technology to block access to banned sites. Large-scale DNS hacks, like the one that took place last week, can have significant impact on ISP customers. Customers of large operators may experience a slowdown in access to affected resources and customers of smaller provider can face full access denial.

Yandex IT teams fought the attack for several days and managed to prevent the blocking of its sites, but the attack did not go unnoticed by Yandex customers, who reported a significant slowdown in service access.

You might think that the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Allot Blog authored by Lena Fuks. Read the original post at: https://www.allot.com/blog/dns-attack-yandex/