The issues provide attackers with the ability to gather intelligence through a simple domain registration.
Cybersecurity researchers at Wiz have discovered a new class of DNS vulnerabilities affecting major DNS-as-a-Service (DNSaaS) providers. Exploiting these vulnerabilities allows attackers to gain access to confidential information on corporate networks.
The specialists demonstrated their findings at the Black Hat conference. The issues provide attackers with the ability to gather intelligence globally through simple domain registration, experts say.
The exploitation process is fairly straightforward, the researchers explained: they registered a domain and used it to hack the DNSaaS provider’s DNS server (in their case, Amazon Route 53), allowing them to listen in on a dynamic stream of DNS traffic from Route 53 client networks.
“The dynamic DNS traffic we accessed came from more than 15,000 organizations, including Fortune 500 companies, 45 US government agencies, and 85 international government agencies,” the experts said.
The data collected included the names of employees, the names of computers and their locations, as well as sensitive information about the organization’s infrastructure, including network devices available on the Web. In one case, researchers mapped the locations of one of the world’s largest service companies using network traffic from 40,000 corporate endpoints.
Such information can make it much easier for intruders to penetrate an organization’s network and conduct further espionage.
The researchers found no evidence that the DNS vulnerability they discovered was previously used in actual attacks. However, any hacker aware of these problems “could collect data and go unnoticed for more than ten years,” the experts noted. In addition, while the two major DNS providers (Google and Amazon) have already patched these vulnerabilities, others are likely still vulnerable, putting millions of devices at risk of attacks.