Cache Poisoning

Cache poisoning is the poisoning or editing of a pre-saved cache on your local system by a hacker, so that the next time you visit the same website, the poisoned cache redirects you to a phishing website. If you enter your credentials there, they are stolen straight away, and you are then redirected to the original website. Because you were on the phishing website only briefly, you do not notice and assume you must have entered the wrong password.

Why is DNS Cache Poisoning Dangerous?

DNS poisoning is among the hardest attacks that some companies have registered so far, and research shows that it is very hard for hackers to carry out. Cache poisoning is an attack on the local DNS cache saved on the device. It is a type of phishing attack. Since the URL looks exactly like the original one, the fake website is hard to tell apart from the real one at this point.

Usually, the browser automatically resolves the domain address without interruption. This is why these attacks are rare nowadays. However, if the browser accepts a single fake entry, millions of users might be redirected to the fake website instead of the original one. If that happens, a hacker can harm the user by:

a. Installing malware on a user’s computer

b. Stealing critical data such as personal data or financial information

c. Stealing usernames and passwords saved locally on the device

How to avoid Cache Poisoning?

From the user’s end, it is difficult to avoid landing on the fake website, even if the local cache is deleted from the server, as it might be reached again by individual devices and cause issues. Cache poisoning can truly be stopped on the side of website owners and DNS service providers. Even so, some of the best practices are:

1. Regularly flush the DNS cache from the server

2. Avoid clicking on unknown links

3. Regularly scan the device for viruses, malware, Trojans, etc.

4. Avoid using public networks when possible
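
To decide when a flush is needed, cached entries can be compared against addresses known to be good. The following is an added example, not part of the original article; the dump format, the domain names and the trusted networks are constructed assumptions, so adapt the parser to the real output of your resolver.

```python
import ipaddress

# Constructed sample: a local resolver cache dump as "name type ttl address" lines.
# The format is hypothetical; adapt the parser to your resolver's real dump format.
CACHE_DUMP = """\
bank.example. A 300 192.0.2.10
mail.example. A 120 192.0.2.25
bank.example. A 86400 203.0.113.66
shop.example. AAAA 600 2001:db8::15
"""

# Constructed reference data: networks each name is expected to resolve into,
# gathered out-of-band (e.g. from the site owner or a DNSSEC-validating resolver).
TRUSTED = {
    "bank.example.": ["192.0.2.0/24"],
    "mail.example.": ["192.0.2.0/24"],
    "shop.example.": ["2001:db8::/32"],
}

def parse_cache(dump):
    """Yield (name, rtype, ttl, ip) for each A/AAAA line; skip malformed lines."""
    for line in dump.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("A", "AAAA"):
            continue
        try:
            yield parts[0].lower(), parts[1], int(parts[2]), ipaddress.ip_address(parts[3])
        except ValueError:
            continue  # non-numeric TTL or unparsable address

def suspicious_entries(dump, trusted):
    """Return cached entries whose address falls outside the trusted networks."""
    findings = []
    for name, rtype, ttl, ip in parse_cache(dump):
        nets = [ipaddress.ip_network(n) for n in trusted.get(name, [])]
        if not nets:
            continue  # no baseline for this name, so nothing to compare against
        if not any(ip.version == n.version and ip in n for n in nets):
            findings.append((name, str(ip), ttl))
    return findings

if __name__ == "__main__":
    for name, ip, ttl in suspicious_entries(CACHE_DUMP, TRUSTED):
        print(f"MISMATCH {name} -> {ip} (ttl {ttl}): flush the cache and investigate")
```

A mismatch is a lead rather than proof, since sites served through CDNs legitimately rotate addresses; keep the trusted list as networks rather than single IPs for that reason.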