
Hijack Attacks


The Core of the Internet

The internet uses two main mechanisms to ensure that network traffic traverses safe, trusted paths and reaches the right destination. One mechanism is the Domain Name System (DNS), which serves as the "internet phonebook". Computers use DNS to look up the addresses of the destinations they wish to send information to. The other mechanism is the Border Gateway Protocol (BGP). The networks that comprise the internet use BGP to find the location of different addresses and the paths to them.

Trust

Unfortunately, both mechanisms were designed with trust in mind when the internet was small and safe. At the time, network operators knew each other; there was no reason to design security mechanisms into the internet’s operation.

 

Today’s internet is not as safe as it once was. It consists of over 100,000 individual networks interconnected via hundreds of IXPs (Internet Exchange Points), and not all of these networks are well managed and trustworthy. Spammers, fraudsters, criminal organizations, and even nation-states utilize various types of network hijack attacks to advance their nefarious goals.

Network Hijacks

Network hijacks are powerful classes of cyber attacks that subvert the internet naming and routing systems (DNS and BGP), allowing an attacker to impersonate a chosen victim on the internet. A successful attack is akin to an attacker hijacking someone's phone number. It allows the attacker access to the victim’s phone calls, text messages, and more.

 

Network hijacks are being used to conduct various kinds of malicious activity, such as man-in-the-middle attacks, watering hole attacks, and denial of service. Attackers use hijacks as a means of gaining covert access to sensitive information such as e-mail and video/voice calls for espionage purposes, gaining access to credentials, and planting malware. The consequences of each one of these activities can be devastating to even sophisticated, well-protected organizations.

 

Network hijacks are hard to deal with. Unlike more traditional attacks, they allow attackers to compromise an organization by attacking not the organization, but sensitive traffic flowing through other networks halfway around the world. Monitoring for and defending against these attacks requires worldwide infrastructure and intimate knowledge of the internet network operator ecosystem.

BGProtect

BGProtect is the only company offering a comprehensive solution to network hijacks that can detect all forms of these dangerous attacks. Our solution is tailored to your needs and budget and optionally includes consulting, 24/7 incident response and management, and threat intelligence services for more peace of mind.