Top DNS Threats and How to Deal with Them


DNS Tunneling and Data Exfiltration

DNS tunneling exploits an organization's lack of security and monitoring of DNS traffic to bypass expensive security controls. Hackers or knowledgeable insiders are able to use an organization's DNS infrastructure to bypass network access or security controls to create tunnels that access the Internet directly, without being scanned by traditional security solutions. DNS tunneling uses DNS queries and responses to send data that cannot otherwise be sent via traditional network connections. The tunnel consists of a client inside a restricted network and a server that acts as an authoritative DNS server, using an agreed-upon domain name as the basis for queries and responses. Even if the user is not malicious (they may be using the tunnel to access websites that are normally locked-down), they are exposed to malware, phishing and other threats because their traffic is not subject to the usual security checks.

An especially malicious use of DNS tunneling is for data exfiltration, where sensitive internal information is sent out of a local network by using DNS tunneling techniques. This can lead to major data breaches of the sort seen recently at Target, Home Depot and Anthem.

The best form of defense against DNS tunneling and data breach over DNS is to continually monitor DNS traffic, ideally in real time. Tunneling can be detected from offline solutions such as SIEMs, but this requires all DNS lookups to be logged, and any analysis tends to be manual, time-consuming and after the fact. Deploying real-time detection of tunneling allows instant detection and mitigation of the threat.
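As an added illustration (not part of the original slideshow), the sketch below shows one analysis that can be run over logged DNS lookups: because a tunnel encodes data into query names under one agreed-upon domain, that domain accumulates many distinct, long, high-entropy subdomains. The thresholds, function names and sample domains are assumptions made for this example.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

# Illustrative thresholds (assumptions); tune against your own DNS baseline.
MIN_UNIQUE, MIN_AVG_LEN, MIN_ENTROPY = 5, 30, 3.5

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def split_name(qname):
    """Return (subdomain, parent). Simplification: parent = last two labels;
    production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(qnames):
    """Flag parent domains that receive many distinct, long, high-entropy
    subdomains, the pattern left by data encoded into query names."""
    subs = defaultdict(set)
    for q in qnames:
        sub, parent = split_name(q)
        if sub:
            subs[parent].add(sub)
    flagged = {}
    for parent, names in subs.items():
        avg_len = sum(map(len, names)) / len(names)
        avg_ent = sum(entropy(n.replace(".", "")) for n in names) / len(names)
        if len(names) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN and avg_ent >= MIN_ENTROPY:
            flagged[parent] = {"unique": len(names), "avg_len": round(avg_len, 1),
                               "avg_entropy": round(avg_ent, 2)}
    return flagged

# Constructed sample log: six ordinary hostnames plus eight tunnel-like names
# (base32 of a hash stands in for encoded payload chunks).
SAMPLE = [f"{h}.corp-demo.example" for h in ("www", "mail", "api", "vpn", "intranet", "wiki")]
SAMPLE += [base64.b32encode(hashlib.sha256(bytes([i])).digest())[:48].decode().lower()
           + ".tunnel-demo.example" for i in range(8)]

if __name__ == "__main__":
    for domain, stats in find_tunnel_candidates(SAMPLE).items():
        print(domain, stats)
```

Requiring all three conditions together keeps ordinary domains with many short hostnames from being flagged; a real deployment would also need an allowlist for services that legitimately use long generated names.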

The domain name system (DNS) is a critical component of the Internet, translating domain names such as into Internet protocol (IP) addresses. However, since most standard security measures do not block DNS traffic, cyber criminals are able to infiltrate networks and gain access to proprietary data. In addition to launching attacks, cyber criminals can also exploit an organization's DNS infrastructure to cause outages.

In a survey conducted by Vanson Bourne, 66 percent of U.S. respondents reported that their organization suffered a DNS attack within the last 12 months. Even more troubling, respondents indicated that the attack resulted in loss of Internet service (63 percent), an increase in customer complaints (42 percent) and the loss of confidential customer information (33 percent).

Over the past year, some of the world's most highly trafficked media and social networking sites have been disrupted by DNS attacks, with hackers seizing control of their websites by changing information in the organizations' DNS databases. Recently, both websites for Lenovo and Google were victims of "domain hijacking." During the attack, visitors to Google's Vietnamese site were redirected to another site. Visitors to Lenovo's site were maliciously redirected to a defaced site controlled by the well-known hacker group, Lizard Squad.

In this slideshow, Cloudmark CTO Neil Cook shares five of the top DNS threats, their potential impact on organizations, and best practices for identifying and preventing such attacks.

