Security News > 2021 > August > New DNS Attack Enables 'Nation-State Level Spying' via Domain Registration
A new domain name system attack method that involves registering a domain with a specific name can be leveraged for what researchers described as "Nation-state level spying."
The attack method was identified by researchers at cloud infrastructure security company Wiz while conducting an analysis of Amazon Route 53, a cloud DNS web service offered to AWS users.
Route 53 provides roughly 2,000 DNS servers that have names such as ns-852.awsdns-42.net.
The Wiz researchers discovered that registering a domain with such a name and adding it in Route 53 to the DNS server with the same name had some interesting results if they linked the domain to the IP address of a server they controlled.
After being informed about the issue, Amazon and Google implemented fixes, but Wiz believes other DNS providers could be vulnerable as well, which means such attacks would still be possible.
Wiz says that while service providers could take some steps to prevent such incidents, organizations can prevent such data leakage by ensuring that DNS resolvers are properly configured to prevent dynamic DNS updates from leaving the internal network.