New Category of DNS Vulnerabilities Impacts Numerous DNSaaS Platforms
Even If the Vulnerability Can be Used by Any Skilled Hacker, the Researchers Have No Proof the Flaw Has Been Exploited in the Wild so Far.
A brand-new category of DNS flaws that affects important DNS-as-a-Service (DNSaaS) suppliers has recently been discovered by cybersecurity specialists.
According to them, these vulnerabilities could enable cybercriminals to gain access to and exfiltrate private data from service customers’ corporate systems. Three major cloud providers, including AWS Route 53, have already been impacted, and many more are expected to follow.
As shown by Shir Tamari and Ami Luttwak, researchers at the cloud security company Wiz, the leaked data include:
- internal and external IP addresses;
- employees’ computer names;
- NTLM / Kerberos tickets.
DNS-as-a-Service (DNSaaS) suppliers rent out DNS services to companies that do not want to be responsible for an additional network asset.
The security researchers said this new class of vulnerabilities gives hackers nation-state-level intelligence-gathering capabilities, and all they have to do is register a domain name.
How Were the DNS Vulnerabilities Exploited?
As explained by the two specialists, a domain was registered and then used to seize a DNSaaS supplier’s nameserver such as Amazon Route 53.
This enabled the threat actors to use a listening device to carry out surveillance on dynamic DNS traffic streaming from Route 53 users’ networks.
We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google.
The dynamic DNS traffic we ‘wiretapped’ came from over 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government agencies.
Even though the DNS vulnerabilities can be used by any skilled threat actor, the researchers have no proof the flaws have been exploited in the wild so far.
The impact is huge. Out of six major DNSaaS providers we examined, three were vulnerable to nameserver registration. Any cloud provider, domain registrar, and website host who provides DNSaaS could be vulnerable.
Unfortunately, there are still DNS service providers that have not yet addressed these DNS vulnerabilities. This is a concern, as many devices out there are still vulnerable to these types of attacks. Fortunately, important providers such as Amazon and Google have already addressed the new flaws.
It’s still unclear who is supposed to fix the DNS vulnerability, as Microsoft told the Wiz researchers that it is not a bug.
According to the multinational tech company, this vulnerability happens when a company collaborates with external DNS services.
DNS users are advised to use distinct DNS names and zones for internal and external hosts in order to avoid network problems, and to review how to correctly configure DNS dynamic updates in Windows.
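The leak described above travels in dynamic DNS update traffic, so one defensive check is to watch for update messages leaving the network for servers you do not run. The following is an added example, not code from the article or from Wiz: it parses RFC 2136 UPDATE messages and flags any sent to a destination outside an allowlist of internal DNS servers. The function names, addresses, zone name and sample packet are all constructed for illustration.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update opcode

def read_name(msg, off):
    """Decode a DNS name at off; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):                   # bound pointer hops and label count
        n = msg[off]
        if n & 0xC0 == 0xC0:               # compression pointer
            end = end or off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), end or off + 1
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("malformed or looping DNS name")

def parse_update(msg):
    """Return (zone, [(hostname, ip)]) for an UPDATE message, else None."""
    _id, flags, zo, pr, up, _ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zo != 1:
        return None
    zone, off = read_name(msg, 12)
    off += 4                               # skip ZTYPE and ZCLASS
    records = []
    for i in range(pr + up):               # prerequisite RRs, then update RRs
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if i >= pr and rtype == 1 and rdlen == 4:   # A record being registered
            records.append((name, str(ipaddress.IPv4Address(msg[off:off + 4]))))
        off += rdlen
    return zone, records

def leaked_updates(packets, internal_dns):
    """Flag UPDATEs whose destination is not an approved internal DNS server."""
    return [(dst, *p) for dst, pkt in packets
            if dst not in internal_dns and (p := parse_update(pkt))]

def enc_name(name):                        # builds wire-format names for the sample
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

# Constructed sample: a workstation registering its A record in zone "corp.example".
SAMPLE = (struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
          + enc_name("corp.example") + struct.pack("!HH", 6, 1)
          + enc_name("wks-042.corp.example") + struct.pack("!HHIH", 1, 1, 1200, 4)
          + bytes([10, 1, 20, 42]))
```

Feed `leaked_updates` with `(destination_ip, udp_payload)` pairs from port 53 captures at the network egress; every hit shows exactly which internal hostname and address left the network.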
Check the report issued by the cloud security company Wiz and discover more details and technical specifics.