DNS Tunneling
A hacker group known as OilRig has regularly attacked various governments and businesses in the Middle East over the past several years, using a variety of tools and methods. An essential element of its efforts to disrupt daily operations and exfiltrate data is DNS tunneling, which it uses to maintain a connection between its command-and-control server and the system it’s attacking.
What you need to know: Traffic passing through DNS often goes unmonitored because DNS is not designed for data transfer, which leaves it vulnerable to several kinds of attacks, including DNS tunneling. DNS tunneling happens when an attacker encodes malicious data into a DNS query, where it appears as a complex string of characters at the front of the queried domain name. There are valid uses for DNS tunneling: anti-virus software providers, for example, use it to send updated malware profiles to customers in the background. Because of the possibility of legitimate use, it’s important for organizations to monitor their DNS traffic thoroughly, allowing only trustworthy traffic to continue flowing through the network.
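The following Python example, added here and not part of the original article, shows one way to monitor for this: it groups DNS query names by base domain and flags domains whose subdomains are numerous, long and high-entropy, which is how encoded data in queries tends to look. The sample names, the thresholds and the two-label base-domain rule are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query names (not real traffic); .example is a reserved TLD.
SAMPLE_QUERIES = [
    "www.corp.example", "mail.corp.example", "api.corp.example", "vpn.corp.example",
    "a1b2c3d4e5f6a7b8c9d0e1f2.cdn.example",       # one long label, seen once
    "mzxw6ytboi2gk3tfon2ca5dp.tunnel.example",    # many long, random-looking labels
    "nbswy3dpeb3w64tmmqqhi2lt.tunnel.example",
    "orugs4zanfzsa5dfon2a7k9q.tunnel.example",
]

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than ordinary hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def base_domain(name, levels=2):
    """Assumption: the registered domain is the last two labels.
    Production code should consult the Public Suffix List instead."""
    return ".".join(name.rstrip(".").lower().split(".")[-levels:])

def find_tunnel_candidates(names, min_unique=3, min_len=20, min_entropy=3.5):
    """Group queries by base domain and flag domains whose subdomains are
    numerous, long and high-entropy. Thresholds are illustrative assumptions."""
    subdomains = defaultdict(set)
    for name in names:
        name = name.rstrip(".").lower()
        base = base_domain(name)
        sub = name[: -len(base)].rstrip(".")
        if sub:
            subdomains[base].add(sub)
    flagged = {}
    for base, subs in subdomains.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_entropy >= min_entropy:
            flagged[base] = {"unique_subdomains": len(subs),
                             "avg_length": round(avg_len, 1),
                             "avg_entropy": round(avg_entropy, 2)}
    return flagged

if __name__ == "__main__":
    for domain, stats in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(domain, stats)
```

Requiring several distinct subdomains per base domain keeps a single long hostname, such as the constructed `cdn.example` entry, from being flagged, which matters because some legitimate services also carry data in DNS names.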