Hackers use DNS tunneling for network scanning, tracking victims

Threat actors are using Domain Name System tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
DNS tunneling is the encoding of data or commands that are sent and retrieved via DNS queries, essentially turning DNS, a fundamental network communication component, into a covert communications channel.
The threat actors encode the data in various ways, such as Base16 or Base64 or custom textual encoding algorithms, so they can be returned when querying DNS records, such as TXT, MX, CNAME, and Address records.
Hackers commonly use DNS tunneling to bypass network firewalls and filters, employing the technique for command and control and Virtual Private Network operations.
There are also legitimate DNS tunneling applications, such as for bypassing censorship.
Palo Alto Networks' Unit 42 security research team recently discovered additional use of DNS tunneling in malicious campaigns involving victim tracking and network scanning.
The attackers embed content in an email that, when opened, performs a DNS query to attacker-controlled subdomains whose FQDN contains encoded content.
Which resolves to a CNAME to a primary authoritative name server.
This approach allows the attackers to evaluate their strategies, refine them, and confirm the delivery of malicious payloads to their victims.
The attackers embed IP addresses and timestamps into DNS queries to map out network layouts and discover potential configuration flaws that can be exploited for infiltration, data theft, or denial of service.
The DNS queries used in this campaign were periodically repeated to enable real-time data gathering, detect status changes, and test the response of different network parts to unsolicited DNS requests.
Threat actors opt for DNS tunneling over more traditional methods like tracking pixels and regular network scanning tools for several reasons, including the ability to bypass security tools, avoid detection, and maintain operational versatility.
Unit 42 proposes that organizations implement DNS monitoring and analysis tools to monitor and analyze logs for unusual traffic patterns and anomalies, such as atypical or high-volume requests.
It's advisable to limit the DNS resolvers in the network to handle only the necessary queries, reducing the potential of DNS tunneling misuse.
Roid bug leaks DNS queries even when VPN kill switch is enabled.
Turn your phone into a scanner with $140 off the SwiftScan VIP app.
New XZ backdoor scanner detects implant in any Linux binary.
New 'Loop DoS' attack may impact up to 300,000 online systems.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 13 May 2024 17:50:12 +0000


Cyber News related to Hackers use DNS tunneling for network scanning, tracking victims

How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
10 months ago Esecurityplanet.com
DNS Tunneling Abuse Expands to Tracking & Scanning Victims - Attackers are taking malicious manipulation of DNS traffic to the next level, abusing DNS tunneling to scan a victim's network infrastructure as well as track victims' online behavior. Researchers from Palo Alto Networks' Unit 42 have identified ...
5 months ago Darkreading.com
Hackers use DNS tunneling for network scanning, tracking victims - Threat actors are using Domain Name System tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. DNS tunneling is the encoding of data or commands that are sent ...
5 months ago Bleepingcomputer.com
7 Best Vulnerability Scanning Tools & Software - Vulnerability scanning tools scan assets to identify missing patches, misconfigurations, exposed application vulnerabilities, and other security issues to be remediated. To help you select the best fitting vulnerability scanning solution, we've ...
9 months ago Esecurityplanet.com
ExpressVPN bug has been leaking some DNS requests for years - ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. The bug was introduced in ExpressVPN Windows versions 12.23.1 - ...
8 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
10 months ago Securityboulevard.com
Understanding DNS Zones: A Comprehensive Guide - DNS stands for Domain Name System, and it is one of the most important components of the Internet. It is a network of servers that coordinates the registration, updating and resolution of domain names, so that users can easily access websites and ...
1 year ago Heimdalsecurity.com
Microsoft tests Windows 11 encrypted DNS server auto-discovery - Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info ...
11 months ago Bleepingcomputer.com
Attacks abuse Microsoft DHCP to spoof DNS records The Register - A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers. We're told the attacks - which are ...
11 months ago Go.theregister.com
How ID Scanning Apps Can Prevent Fraud - One effective solution is the use of ID scanning applications. These apps provide businesses with an efficient method to verify customer identities and reduce the risk of fraud. In this article, we will explore how ID scanning apps help prevent fraud ...
5 months ago Hackread.com
Understanding Vulnerability Scanning and How to Protect Your Networks - Vulnerability scanning is an important part of maintaining the security of networks and systems. It is the process of identifying and analyzing software vulnerabilities in a system or network that could be exploited by hackers to gain unauthorized ...
1 year ago Heimdalsecurity.com
Hackers Use Malware to Hunt Software Vulnerabilities - Many threat actors are turning to malware to scan software vulnerabilities that they can use in future cyber-attacks. Security researchers at Unit 42, the threat intelligence branch of cybersecurity provider Palo Alto Networks, discovered a ...
6 months ago Infosecurity-magazine.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
11 months ago Cisa.gov
Network Protection: How to Secure a Network - Network security protects and monitors the links and the communications within the network using a combination of hardware, software, and enforced policies. Best practices for network security directly counter the major threats to the network with ...
5 months ago Esecurityplanet.com
Why Use a VLAN? Unveiling the Benefits of Virtual LANs in Network Security - Virtual Local Area Networks, or VLANs, serve as a critical computing technology designed for effective network traffic management. How VLANs function within a network environment revolves around effectively managing and directing network traffic. ...
10 months ago Securityboulevard.com
KeyTrap attack: Internet access disrupted with one DNS packet - A serious vulnerability named KeyTrap in the Domain Name System Security Extensions feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC and impacts ...
8 months ago Bleepingcomputer.com
SANS Internet Storm Center - A DNS suffix is a configuration of the Windows DNS client to have it append suffixes when doing domain lookups. If a DNS suffix local is configured, then Windows' DNS client will not only do a DNS lookup for example.com, but also for example.com. ...
5 months ago Isc.sans.edu
47 Years Later: Serious Security – How Deliberate Typos Might Improve DNS Security - The Domain Name System (DNS) is an internet infrastructure that has been around since the early 80s and still plays an integral part in how websites and online services are accessed. Although it has been in use for almost 47 years, security issues of ...
1 year ago Nakedsecurity.sophos.com
'KeyTrap' DNS Bug Threatens Widespread Internet Outages - Although it's been sitting there since 2000, researchers were just recently able to suss out a fundamental design flaw in a Domain Name System security extension, which under certain circumstances could be exploited to take down wide expanses of the ...
8 months ago Darkreading.com
Top 10 Endpoint Security Best Practices That Help Prevent Cyberattacks - Endpoints are one of the hackers` favorite gates to attacking organizations` networks. Setting foot into only one of the connected devices can open the way for threat actors to deploy malware, launch phishing attacks, and steal data. Antiviruses are ...
1 year ago Heimdalsecurity.com
DNSSEC vulnerability puts big chunk of the internet at risk The Register - A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine. Yes, a single DNS ...
8 months ago Go.theregister.com
Lost and found: How to locate your missing devices and more - Physical trackers are small, circular or square-shaped objects that use simple replaceable batteries to remain charged for a long time. For travelers going around with luggage on trains and planes, there have been times when they come in really handy ...
10 months ago Welivesecurity.com
Researchers Uncovered an Active Directory DNS spoofing exploit - In the intricate web of our interconnected world, the Domain Name System stands as a linchpin, directing users to their online destinations. Even this vital system is not impervious to the dark art of malicious manipulation. In a recent revelation by ...
10 months ago Gbhackers.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)