DNS infrastructure remains an attractive target for cyber attackers, and some recent targeted attacks on DNS highlight the increasingly sophisticated techniques they use.

New ways

Attackers often target DNS via attacks such as tunneling, phishing, hijacking, cache poisoning, and DDoS. However, other attack methods have also been observed.

  • The DNS-based attack dubbed Spalax targeted the Colombian government and private companies, especially those in the energy and metallurgical industries, via dynamic DNS services.
  • Attackers used a pool of domain names that were dynamically assigned to IP addresses. As a result, one domain name can be associated with several IP addresses over a period of time, and vice versa.
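
The many-to-many mapping described above can be surfaced from resolver or passive-DNS logs by counting distinct answers inside a sliding time window. The Python sketch below is an added example, not code from the Spalax research; the record layout, thresholds, and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed passive-DNS observations: (timestamp, queried name, answer IP).
# Names use the reserved .example TLD; IPs are from documentation ranges.
SAMPLE_RECORDS = [
    ("2021-01-10T08:00:00", "portal.dyn.example", "192.0.2.10"),
    ("2021-01-11T08:00:00", "portal.dyn.example", "198.51.100.7"),
    ("2021-01-12T08:00:00", "portal.dyn.example", "203.0.113.5"),
    ("2021-01-13T08:00:00", "Portal.dyn.example.", "192.0.2.10"),
    ("2021-01-12T09:00:00", "mail.dyn.example", "198.51.100.7"),
    ("2021-01-10T08:00:00", "www.static.example", "192.0.2.80"),
    ("2021-01-20T08:00:00", "www.static.example", "192.0.2.80"),
    ("2021-01-01T08:00:00", "slow.example", "192.0.2.20"),
    ("2021-01-15T08:00:00", "slow.example", "192.0.2.21"),
    ("2021-02-01T08:00:00", "slow.example", "192.0.2.22"),
]

def _max_distinct(events, window):
    """Largest number of distinct values seen in any span of length `window`."""
    events = sorted(events)
    counts, start, best = defaultdict(int), 0, 0
    for when, value in events:
        counts[value] += 1
        while when - events[start][0] > window:  # slide the left edge forward
            old = events[start][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            start += 1
        best = max(best, len(counts))
    return best

# Thresholds are illustrative assumptions; tune them against a local baseline.
def flag_dynamic_mappings(records, window=timedelta(days=7), min_ips=3, min_names=2):
    """Return ({name: ip_count}, {ip: name_count}) for mappings that churn within `window`."""
    by_name, by_ip = defaultdict(list), defaultdict(list)
    for ts, name, ip in records:
        when = datetime.fromisoformat(ts)
        name = name.rstrip(".").lower()  # normalise case and trailing root dot
        by_name[name].append((when, ip))
        by_ip[ip].append((when, name))
    names = {n: c for n, ev in by_name.items() if (c := _max_distinct(ev, window)) >= min_ips}
    ips = {i: c for i, ev in by_ip.items() if (c := _max_distinct(ev, window)) >= min_names}
    return names, ips

if __name__ == "__main__":
    churning_names, shared_ips = flag_dynamic_mappings(SAMPLE_RECORDS)
    print("names with rotating answers:", churning_names)
    print("IPs answered for several names:", shared_ips)
```

Legitimate CDNs and load balancers also rotate answers, so hits from this kind of check are leads for review alongside other context, not verdicts.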

Recent DNS-based attacks

The SAD DNS vulnerability has been observed reviving DNS cache poisoning in a different way. The vulnerability is tracked as CVE-2020-25705.

  • The DeathStalker group has been found using an unknown malicious implant that uses DNS over HTTPS as a C2 channel. The implant was later named PowerPepper.
  • An unnamed RAT was found masquerading as a DNS or an SSH server daemon to evade detection and hinder analysis. The unnamed RAT was associated with Magecart.
  • Voyager LLC halted trading after suffering a cyberattack targeting its DNS configuration.

Conclusion

Experts suggest performing context-aware and real-time DNS traffic analysis for behavioral threat detection, keeping DNS resolvers private and protected, and regularly updating the operating system and software.