Etisalat cyber-attack explained: experts speak out

Regional specialists identify exploit as DNS poisoning

Solling and Sleiman said Etisalat was the victim of a DNS cache poisoning exploit.

In the aftermath of last week's temporary defacement of Etisalat's commercial websites, regional cyber security experts have identified the operation as a DNS (domain name system) cache poisoning exploit.

The end result of DNS cache poisoning is that a lookup entry on a DNS server is replaced with a false address. Specialists contacted by ITP.net say this kind of attack is on the increase and that DNS ranks behind only HTTP in popularity as an attack vector.

"DNS is projected to surpass HTTP to become the number one attack vector within the next 12 months," warned Cherif Sleiman, general manager, Middle East at Infoblox. "In the past year alone, DNS attacks have increased by more than 200%. In the same way that today companies cannot build networks without firewalls and intrusion prevention systems, we have entered an era where organisations can no longer build networks without DNS security."

Nicolai Solling, director, Technology Services, Help AG, believes this is the first DNS poisoning attack on a telecoms provider in the region.

"From a technical perspective it is relatively straightforward to understand what happened, but not necessarily how," he said. "As the website is as prominent as etisalat.ae I would say that exactly due to the size and users on the site, it is a major attack."

"For as long as the false entry is cached, incoming Web requests and emails will go to the attacker's address," Sleiman said. "There are many ways to accomplish this. New cache poisoning attacks... use brute force, flooding DNS responses and queries at the same time hoping to get a match on one of the responses and poison the cache."

Both Sleiman and Solling cited a number of possible motives for the attack, including financial gain and reputation enhancement among other hackers. Gains can include the hijacking of computers for botnets and other nefarious purposes. This is why popular, high-profile sites are chosen by attackers.

"It is important to understand that while it is Etisalat.ae that is affected the issue could be outside the Etisalat infrastructure, however as we have only heard about etisalat.ae, it is most likely the DNS servers of Etisalat that were affected," Solling said.
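
The response flooding Sleiman describes leaves a trace on the resolver side: a burst of responses that do not match the outstanding query. The sketch below is an added example, not part of the original article or any vendor's tooling; the event format, field names and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample events, as a resolver-side sensor might record them:
# (time_s, kind, qname, txid, resolver_port, peer_ip)
EVENTS = (
    [(0.00, "query", "www.example.test", 0x1A2B, 40001, "192.0.2.53"),
     (0.02, "response", "www.example.test", 0x1A2B, 40001, "192.0.2.53"),
     (5.00, "query", "portal.example.test", 0x7F10, 40002, "192.0.2.53")]
    # 200 guessed responses racing the real answer, none with the right ID
    + [(5.001 + i * 0.0001, "response", "portal.example.test",
        0x1000 + i, 40002, "192.0.2.53") for i in range(200)]
    + [(5.03, "response", "portal.example.test", 0x7F10, 40002, "192.0.2.53")]
)


def detect_response_floods(events, threshold=20):
    """Report names whose open query drew >= threshold non-matching responses.

    A resolver accepts a response only if transaction ID, port and server
    address match the outstanding query; a guessing flood shows up as a
    burst of responses that fail that check.
    """
    pending = {}                   # qname -> (txid, port, peer) of open query
    mismatches = defaultdict(int)  # qname -> non-matching responses so far
    reports = {}
    for _, kind, qname, txid, port, peer in sorted(events):
        if kind == "query":
            pending[qname] = (txid, port, peer)
            mismatches[qname] = 0
        elif qname in pending:     # responses with no open query are ignored
            if pending[qname] == (txid, port, peer):
                del pending[qname]
                if qname in reports:
                    # An answer was cached during a flood: treat it as suspect.
                    reports[qname]["answer_accepted"] = True
            else:
                mismatches[qname] += 1
                if mismatches[qname] >= threshold:
                    reports[qname] = {"mismatches": mismatches[qname],
                                      "answer_accepted": False}
    return reports


if __name__ == "__main__":
    for name, report in detect_response_floods(EVENTS).items():
        print(name, report)
```

A name reported with `answer_accepted` set is a candidate for flushing from the cache and re-resolving, since the sensor cannot tell whether the accepted answer was the genuine one.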
