Bugs in DNS Services

12th August 2021, Kathmandu

Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to exfiltrate sensitive information from corporate networks.

“We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google,” researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz said.

The researchers called it a “bottomless well of valuable intel”: the treasure trove of information contains internal and external IP addresses, computer names, employee names and locations, and details about organizations’ web domains. The findings were presented at the Black Hat USA 2021 security conference last week.

“The traffic that leaked to us from internal network traffic provides malicious actors all the intel they would ever need to launch a successful attack,” the researchers added. “More than that, it gives anyone a bird’s eye view on what’s happening inside companies and governments. We liken this to having nation-state level spying capability – and getting it was as easy as registering a domain.”

The exploitation process hinges on registering a domain on Amazon’s Route53 DNS service (or Google Cloud DNS) with the same name as the DNS name server, the component that translates (resolves) domain names and hostnames into their corresponding Internet Protocol (IP) addresses. The result is a scenario that effectively breaks the isolation between tenants, allowing valuable information to be accessed.

In other words, creating a new domain on the Route53 platform inside an AWS name server with the same name as that server, and pointing the hosted zone to their internal network, causes the dynamic DNS traffic from Route53 customers’ endpoints to be hijacked and sent directly to the rogue, same-named server, creating an easy pathway into mapping corporate networks.

“The dynamic DNS traffic we wiretapped came from over 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government agencies,” the researchers said. “The data included a wealth of valuable intel like internal and external IP addresses, computer names, employee names, and office locations.”

While Amazon and Google have since patched the issues, the Wiz research team has also released a tool to let companies test if their internal DDNS updates are being leaked to DNS providers or malicious actors.
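A defender can look for the same leak in captured traffic. The sketch below is an added example, not the Wiz tool or code from the article: it parses DNS payloads, picks out dynamic update requests (RFC 2136, opcode 5) and reports those sent to a destination outside the organization's own address ranges. The function names, sample packets and address ranges are constructed for illustration.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update opcode

def update_zone(payload):
    """Return the zone named in a DNS UPDATE request, or None for anything else."""
    if len(payload) < 12:
        return None
    _id, flags, zocount = struct.unpack("!3H", payload[:6])
    if flags >> 15 or (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        return None  # a response, a different opcode, or a malformed zone section
    labels, pos = [], 12
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):
            return None  # compression pointer or truncated name
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    if pos >= len(payload):
        return None  # name never terminated
    return ".".join(labels).lower() + "."

def leaked_updates(packets, internal_nets):
    """List (src, dst, zone) for UPDATE requests sent outside internal_nets."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for src, dst, payload in packets:
        zone = update_zone(payload)
        if zone and not any(ipaddress.ip_address(dst) in n for n in nets):
            hits.append((src, dst, zone))
    return hits

def build_msg(opcode, name):
    """Construct a minimal DNS request (sample data only)."""
    header = struct.pack("!6H", 0x1234, opcode << 11, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", 6, 1)  # type SOA, class IN

# Constructed sample traffic: (source IP, destination IP, UDP payload)
SAMPLE = [
    ("10.0.5.21", "10.0.0.53", build_msg(5, "corp.example")),     # update to internal DNS
    ("10.0.5.21", "203.0.113.53", build_msg(5, "corp.example")),  # update leaving the network
    ("10.0.5.22", "203.0.113.53", build_msg(0, "www.example")),   # ordinary query
]

if __name__ == "__main__":
    for hit in leaked_updates(SAMPLE, ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]):
        print("DDNS update left the network:", hit)
```

In practice the payloads would come from a packet capture or DNS sensor at the network edge, and any hit points to an endpoint whose dynamic updates should be restricted to internal DNS servers.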

Mina Aryal is a Nepali tech journalist and media expert. She is currently the chief editor of ICT Frame, a leading online tech media outlet in Nepal that covers topics such as technology, business, and entrepreneurship. Aryal has been involved in the field of tech journalism for over a decade and has covered various topics such as internet governance, cybersecurity, e-commerce, and startup ecosystems. She has also been involved in organizing and promoting tech events in Nepal to bring together tech enthusiasts, entrepreneurs, and investors to discuss and collaborate on various topics related to the tech industry. Aryal is considered one of the most influential tech journalists in Nepal and has been recognized for her contributions to the field.
