Software giant Oracle claims that three US payment processing companies have been targeted by Border Gateway Protocol (BGP) hijacking attacks on their DNS servers.
Border Gateway Protocol (BGP) is a standardised exterior gateway protocol designed to exchange routing and reachability information among autonomous systems on the Internet.
Oracle said in a report on Monday that on three separate dates in July, it saw what appeared to be BGP hijacks that targeted the DNS servers for US payment processors Datawire, Vantiv, and Mercury Payment Systems.
These internet routing attacks were apparently designed to redirect traffic intended for the payment processors to servers controlled by the malicious actors.
The first of the attacks started on 6 July this year, with a short-duration attack that attempted to reroute network prefixes, or blocks of IP addresses. These attacks targeted the Vantiv and Datawire payment processing companies.
A few months earlier, in April, Oracle also detailed a brazen BGP hijack attempt of Amazon's DNS service in order to redirect users of a cryptocurrency wallet service to a fraudulent website.
"In the past month, we have observed additional BGP hijacks of authoritative DNS servers with a technique similar to what was used in April," the firm said in a report. "This time the targets included US payment processing companies."
As in the Amazon case, these more recent BGP hijacks enabled imposter DNS servers to return forged DNS responses, misdirecting unsuspecting users to malicious sites.
By using long TTL (time to live) values in the forged responses, recursive DNS servers held these bogus DNS entries in their caches long after the BGP hijack had disappeared, maximising the duration of the attack, Oracle said.
The company warned that we can expect to see more of these types of attacks against high-value targets on the internet in the near future.
Security expert and IP development engineer at NTT Communications, Job Snijders, suggested that consolidation of the internet industry might help to foil such attacks.
"If the major DNS service providers (both on the authoritative and recursive side of the house) sign their routes using RPKI, and validate routes received via EBGP, the impact of attacks like these would be reduced because protected paths are formed back and forth," Snijders said.
"Only a small specific group of densely connected organisations needs to deploy RPKI-based BGP Origin Validation to positively impact the Internet experience for billions of end users," he added.
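To show what the RPKI origin validation Snijders refers to actually decides, here is an added example (not code from Oracle, NTT or the original report) implementing the RFC 6811 check a validating EBGP router applies to each received route. The ROA records, the documentation prefixes and the ASNs are all constructed sample data; the "hijack" case is an announcement of a DNS server's prefix from an AS that holds no ROA for it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    """A Route Origin Authorisation: holder of `prefix` authorises `asn` to originate
    it and any more-specific announcement down to `max_length`."""
    prefix: str
    max_length: int
    asn: int


def covering_roas(roas, announced):
    """ROAs whose prefix covers the announced prefix (same address family only)."""
    net = ipaddress.ip_network(announced, strict=False)
    return [
        roa for roa in roas
        if ipaddress.ip_network(roa.prefix, strict=False).version == net.version
        and net.subnet_of(ipaddress.ip_network(roa.prefix, strict=False))
    ]


def validate_origin(roas, announced, origin_asn):
    """RFC 6811 outcome for one BGP announcement: 'valid', 'invalid' or 'not-found'."""
    covering = covering_roas(roas, announced)
    if not covering:
        return "not-found"          # no ROA at all: validation cannot help here
    plen = ipaddress.ip_network(announced, strict=False).prefixlen
    for roa in covering:
        if roa.asn == origin_asn and plen <= roa.max_length:
            return "valid"          # authorised origin and not more specific than allowed
    return "invalid"                # covered by a ROA but wrong origin or too specific


def flag_invalid(roas, announcements):
    """Announcements a validating router would reject: (prefix, origin_asn) pairs."""
    return [(p, a) for p, a in announcements if validate_origin(roas, p, a) == "invalid"]


# Constructed sample: AS64500 holds a ROA for its DNS server prefix, /24 only.
SAMPLE_ROAS = [ROA("192.0.2.0/24", 24, 64500)]
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),        # legitimate announcement
    ("192.0.2.0/25", 64500),        # right AS, but more specific than the ROA allows
    ("192.0.2.0/24", 64511),        # hijack: same prefix from an unauthorised AS
    ("198.51.100.0/24", 64500),     # prefix with no ROA: not-found, passes unchecked
]

if __name__ == "__main__":
    for prefix, asn in SAMPLE_ANNOUNCEMENTS:
        print(prefix, asn, validate_origin(SAMPLE_ROAS, prefix, asn))
```

Note that the hijacked announcement is only rejected because the prefix holder had published a ROA; the prefix without one comes back "not-found", which is why both authoritative and recursive DNS operators need to sign their routes for the protection to exist.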