Software giant Oracle claims that three US payment processing companies have been targeted by Border Gateway Protocol (BGP) hijacking attacks on their DNS servers.
Border Gateway Protocol (BGP) is a standardised exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet.
Oracle said in a report on Monday that on three separate dates in July, it saw what appeared to be BGP hijacks that targeted the DNS servers for US payment processors Datawire, Vantiv, and Mercury Payment Systems.
These internet routing attacks were apparently designed to redirect traffic intended for the payment processors to servers controlled by the malicious actors.
The first of the attacks started on 6 July this year, with a short-duration attack that attempted to reroute network prefixes, or blocks of IP addresses. These attacks targeted the Vantiv and Datawire payment processing companies.
A few months earlier, in April, Oracle also detailed a brazen BGP hijack attempt of Amazon's DNS service in order to redirect users of a cryptocurrency wallet service to a fraudulent website.
"In the past month, we have observed additional BGP hijacks of authoritative DNS servers with a technique similar to what was used in April," the firm said in a report. "This time the targets included US payment processing companies."
As in the Amazon case, these more recent BGP hijacks enabled imposter DNS servers to return forged DNS responses, misdirecting unsuspecting users to malicious sites.
By using long TTL (time to live) values in the forged responses, recursive DNS servers held these bogus DNS entries in their caches long after the BGP hijack had disappeared, maximising the duration of the attack, Oracle said.
The company warned that we can expect to see more of these types of attacks against high-value targets on the internet in the near future.
Security expert and IP development engineer at NTT Communications, Job Snijders, suggested that consolidation of the internet industry might help to foil such attacks.
"If the major DNS service providers (both on the authoritative and recursive side of the house) sign their routes using RPKI, and validate routes received via EBGP, the impact of attacks like these would be reduced because protected paths are formed back and forth," Snijders said.
"Only a small specific group of densely connected organisations needs to deploy RPKI-based BGP Origin Validation to positively impact the Internet experience for billions of end users," he added.