Security researchers have discovered a new class of DNS vulnerabilities affecting major DNS-as-a-Service (DNSaaS) providers that allows attackers to gain access to confidential corporate information. DNSaaS providers (also known as managed DNS providers) rent DNS services to other organizations that do not want to independently manage and secure yet another network asset. As revealed at the Black Hat security conference by Shir Tamari and Ami Luttwak, researchers at cloud security firm Wiz, these flaws give threat actors the ability to gather national-level intelligence with a simple domain registration.
From domain name registration to brute force eavesdropping of DNS traffic:
As they described, the exploitation process is very simple: they registered a domain and used it to hijack a DNSaaS provider's name server (in this case, Amazon Route 53), which enabled them to eavesdrop on dynamic DNS traffic streaming from Route 53 customers' networks.
“We’ve found a simple loophole that allows us to intercept some of the world’s dynamic DNS traffic through managed DNS providers like Amazon and Google,” Wiz researchers said.
“The eavesdropped dynamic DNS traffic was from over 15,000 organizations, including Fortune 500 companies, 45 US government agencies, and 85 international government agencies.” The data included very sensitive details of organizations' infrastructure, including network devices exposed to the Internet. The researchers used network traffic received from 40,000 corporate endpoints to map the office locations of one of the world’s largest service companies.
The information gathered in this way provides a “bird’s-eye view of what happens within businesses and governments” and “national-level information,” making it easier for threat actors to compromise an organization’s network. The researchers found no evidence that the DNS vulnerability they discovered had previously been exploited in the wild, but as they explain, anyone with knowledge of the problem and the technology to exploit it “could have collected data undetected for more than 10 years.” “The impact is huge. Of the six major DNSaaS providers we investigated, three were vulnerable to name server registration,” they said at Black Hat. All cloud providers, domain registrars and website hosts that offer DNSaaS are vulnerable.
Fixed by some, still a problem for others:
To make the situation worse, although two major DNS providers (Google and Amazon) have already fixed these DNS bugs, other providers are still vulnerable and expose millions of devices to attack.
Moreover, it’s not clear who has to fix this important DNS bug. Microsoft could tune the dynamic DNS algorithm that allows Windows endpoints to leak internal network traffic to a malicious DNS server, but it has already told Wiz that this is not a vulnerability.
As Microsoft explained, this flaw is “a known misconfiguration that occurs when an organization uses an external DNS server resolver.”
Redmond advises using different DNS names and zones for internal and external hosts to avoid DNS conflicts and network issues, and provides detailed guidance on how to properly configure DNS dynamic updates on Windows.
Managed DNS providers can resolve the name server hijacking issue by correctly following the RFC “reserved names” specification and by verifying ownership and validating domains before allowing customers to register them. Companies that rent DNS servers can also modify the Start of Authority (SOA) record to block internal network traffic that is leaking through dynamic DNS updates.
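One way to audit the SOA setting mentioned above, as an added example (not code from Wiz, Microsoft or any DNS provider): dynamic update clients find the server to update from the primary name server (MNAME) field of a zone's SOA record, so this script lists zones whose MNAME is not a server the organisation operates. The zone records, hostnames and allowlist are constructed assumptions.

```python
# Added example: flag zones whose SOA MNAME (the host dynamic DNS updates are
# sent to) is not a server the organisation runs. All data here is constructed.

SAMPLE_SOA_RECORDS = """\
corp.example.      900 IN SOA ns-1.dnsaas-provider.example. hostmaster.corp.example. 1 7200 900 1209600 86400
internal.example.  900 IN SOA dc01.internal.example. hostmaster.internal.example. 42 7200 900 1209600 86400
; a comment line, ignored by the parser
shop.example.      IN SOA NS-2.DNSaaS-Provider.example. admin.shop.example. ( 7 7200 900 1209600 86400 )
"""

# Hypothetical allowlist: servers the organisation controls and expects to
# receive dynamic updates.
TRUSTED_UPDATE_SERVERS = {"dc01.internal.example"}


def normalise(name):
    """Lower-case a DNS name and force exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_soa(line):
    """Return (zone, mname) for one presentation-format SOA line, else None."""
    fields = line.split(";", 1)[0].split()          # drop trailing comments
    upper = [f.upper() for f in fields]
    if "SOA" not in upper[1:]:                      # field 0 is the owner name
        return None
    i = upper.index("SOA", 1)
    if len(fields) < i + 3:                         # need MNAME and RNAME
        return None
    return normalise(fields[0]), normalise(fields[i + 1])


def audit(zone_text, trusted):
    """List (zone, mname) pairs whose MNAME is outside the trusted set."""
    trusted = {normalise(t) for t in trusted}
    findings = []
    for line in zone_text.splitlines():
        parsed = parse_soa(line)
        if parsed and parsed[1] not in trusted:
            findings.append(parsed)
    return findings


if __name__ == "__main__":
    for zone, mname in audit(SAMPLE_SOA_RECORDS, TRUSTED_UPDATE_SERVERS):
        print(f"{zone} sends dynamic updates to untrusted MNAME {mname}")
```
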