Etisalat Cyber-Attack Explained: Experts Speak Out

By root

23 Dec 2014

In the aftermath of last week’s temporary defacement of Etisalat’s commercial websites, regional cyber security experts have identified the operation as a DNS (domain name system) cache poisoning exploit.
The end product of DNS cache poisoning is the replacement of a lookup entry on a DNS server with a false address. Specialists contacted by ITP.net say this kind of attack is on the increase and DNS ranks only behind HTTP attacks in terms of popularity as an attack vector.
“DNS is projected to surpass HTTP to become the number one attack vector within the next 12 months,” warned Cherif Sleiman, general manager, Middle East at Infoblox. “In the past year alone, DNS attacks have increased by more than 200%. In the same way that today companies cannot build networks without firewalls and intrusion prevention systems, we have entered an era where organisations can no longer build networks without DNS security.”
Nicolai Solling, Director, Technology Services, Help AG believes this is the first DNS poisoning attack on a telecoms provider in the region.
“From a technical perspective it is relatively straight forward to understand what happened, but not necessarily how,” he said. “As the website is as prominent as etisalat.ae I would say that exactly due to the size and users on the site, it is a major attack.”
“For as long as the false entry is cached, incoming Web requests and emails will go to the attacker’s address,” Sleiman said. “There are many ways to accomplish this. New cache poisoning attacks… use brute force, flooding DNS responses and queries at the same time hoping to get a match on one of the responses and poison the cache.”
Bothe Sleiman and Solling cited a number of possible motives for the attack, including financial gain and reputation enhancement among other hackers. Gains can include the hijacking of computers for botnets and other nefarious purposes. This is why popular, high-profile sites are chosen by attackers.
“It is important to understand that while it is Etisalat.ae that is effected the issue could be outside the Etisalat infrastructure, however as we have only heard about etisalat.ae, it is most likely the DNS servers of Etisalat that were effected,” Solling said.

Related Press Release

Press

29 Mar 2024

Help AG Achieves Fortinet’s Engage Preferred Services Partner Designation

Dubai, United Arab Emirates, March 28th, 2024 – Help AG, an e& enterprise company and the Middle East’s trusted security […]

Press

12 Dec 2023

Help AG and Imperva Join Forces to Bolster Data and Application Security

Dubai, United Arab Emirates, 12 November, 2023 – Help AG, the cybersecurity arm of e& enterprise and the Middle East’s […]

Press

15 Nov 2023

شركة Help AG تُثبت ريادتها في خدمات الأمن المدارة في فعالية Black Hat MEA 2023

بصفتها الشركة الرائدة في مجال خدمات الأمن السيبراني المُدارة بحسب تقييم IDC MarketScape لعام 2023 في منطقة دول مجلس التعاون […]

Press

15 Nov 2023

Help AG demonstrates leadership in Managed Security Services at Black Hat MEA 2023

As the MSS Leader in IDC MarketScape 2023 for MSS in the GCC region, Help AG boasts a comprehensive cyber […]

Press

21 Jun 2023

Help AG Launches the Middle East’s First Integrated Cyber Defense Platform, UNIFY

The platform unifies the capabilities of visibility, collaboration, orchestration and automation for a seamless user experience and consistent service delivery. […]