New DNS Bug Let Hackers Spy Valuable Dynamic DNS Data From Millions of Endpoints

Recently a very new set of vulnerabilities has been detected by cybersecurity researchers, and according to their report, this vulnerability is continuously affecting the major DNS-as-a-Service (DNSaaS) providers.

This vulnerability is quite critical and it might enable the threat actors to exfiltrate all the delicate data from corporate networks.

However, we all know that DNSaaS providers that are also know as managed DNS providers are very popular, as this provides DNS renting co-operations to those businesses who don’t want to maintain and secure another additional network asset on their own.

Apart from this, it was also being revealed by the cloud security firm Wiz researchers, Shie Tamari and Ami Luttwak at the Black Hat security conference that these DNS flaws contribute to threat actors with nation-state intelligence-gathering abilities with simple domain registration.

Researchers Exploited the DNS bug  

After investigating the whole matter, the experts have explained that how a user can exploit the DNS bug, initially we all know that there were two main players one is:

  • DNS Domain registrars
  • DNS hosting providers 

The experts have claimed that DNS host is the service that is reliable for hosting all DNS records. On the other side, you can purchase domain names in a domain registrar. 

Not only this but there are also DNS hosting providers that generally offer domain registration and many more things. But the experts have notified that one should not get confused by these two services as both of them does different work.

Indiscriminately domain name registration to wiretapping traffic

The process of exploitation is quite simple, as they generally registered a domain and later use it to seize a DNSaaS provider’s nameserver.

Doing this enables them to wiretap on dynamic DNS traffic that is frequently streaming from Route 53 customers’ networks. 

While according to the report, the dynamic DNS traffic that the analysts ‘wiretapped’ developed from over 15,000 businesses, which also include Fortune 500 companies, 45 U.S. government agencies, and 85 international government businesses.

All the data which were being harvested has been extended from employee/computer names and locations that contain very sensitive details concerning organizations’ foundation, which also include Internet-exposed network devices as well.

Traffic received by the researchers

During the investigation the experts found many key details regarding the vulnerability, however, they also mapped the office locations with the help of the world’s largest services companies using network traffic, and after mapping it they came to know that they have received 40,000 corporate endpoints.

Framed by some, plausible plaguing others 

However, it has not been cleared yet that who should fix this critical DNS bug. As Microsoft has demonstrated, that this flaw is a known misconfiguration that happens when a company works with outer DNS resolvers.

To avoid DNS conflicts and issues, Redmond recommends using separate DNS names and zones for internal as well as for external hosts. Doing this will help to bypass DNS conflicts and network issues.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.