A security analyst is investigating an incident where multiple users reported that when they tried to access their company's legitimate cloud-based storage portal, they were redirected to a fraudulent website that prompted them for their credentials. The users confirmed they had typed the correct URL into their browsers. Which of the following attacks MOST likely occurred?
This scenario describes DNS cache poisoning, also known as DNS spoofing. In this attack, an attacker introduces incorrect DNS data into a DNS resolver's cache, causing the resolver to return a malicious IP address for a legitimate domain. When users attempt to access the legitimate site, they are redirected to the attacker's fraudulent site, even though they typed the correct URL. A DDoS attack would make the service unavailable, not redirect users to another site. An on-path attack could potentially intercept and redirect traffic, but DNS poisoning specifically targets the name resolution process itself. Credential replay involves an attacker maliciously reusing stolen credentials, which would be a potential outcome of this attack, not the cause of the redirection.