Black Hat: Novel DNS Hack Spills Confidential Corp Data
2021-08-12 20:30

"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google. Essentially, we 'wiretapped' the internal network traffic of 15,000 organizations and millions of devices," Wiz wrote in a technical breakdown of the bug.

Luttwak calls what he found a "loophole" in the process used to handle the now-obsolete dynamic DNS within modern DNS server configurations.

What researchers observed next was a flood of dynamic DNS traffic from Windows machines that were querying the "hijacked name server" about itself.

DNSaaS providers Route53 and Google Cloud DNS fixed the issue by disallowing the type of copycat registration that mirrored their own DNS server.

"Microsoft could provide a global solution by updating its dynamic DNS algorithm. However, when we reported our discovery to Microsoft, they told us that they did not consider it a vulnerability but rather a known misconfiguration that occurs when an organization works with external DNS resolvers," researchers said.

Luttwak said that companies can avoid this type of DNS exploitation by configuring their DNS resolvers properly so dynamic DNS updates do not leave the internal network.
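
One way to check for the condition in the last paragraph, as an added example that is not from the article or from Wiz: it parses DNS payloads captured at the network edge, picks out RFC 2136 dynamic-update requests (opcode 5) and reports those addressed outside internal ranges. The RFC 1918 ranges, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update opcode
# Assumption: RFC 1918 space stands in for "the internal network".
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def read_name(msg, off):
    """Decode an uncompressed DNS name at off; return the dotted name."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels) or "."
        if n & 0xC0 or off + n > len(msg):
            raise ValueError("pointer or truncated label")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def update_zone(msg):
    """Return the zone name if msg is a dynamic-update request, else None."""
    if len(msg) < 12:
        return None
    _id, flags, zocount = struct.unpack("!HHH", msg[:6])
    if (flags >> 15) or ((flags >> 11) & 0xF) != OPCODE_UPDATE or zocount != 1:
        return None
    return read_name(msg, 12)  # zone section starts right after the header

def leaking_updates(packets):
    """packets: (dst_ip, dns_payload) pairs; return updates sent outside INTERNAL."""
    hits = []
    for dst, payload in packets:
        try:
            zone = update_zone(payload)
        except ValueError:
            continue  # malformed payload, not a usable update
        addr = ipaddress.ip_address(dst)
        if zone and not any(addr in net for net in INTERNAL):
            hits.append((dst, zone))
    return hits

def build(opcode, zone):
    """Constructed sample: DNS header plus one SOA/IN zone-or-question entry."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, opcode << 11, 1, 0, 0, 0) + name + struct.pack("!HH", 6, 1)

# Constructed traffic: internal update, external update, external ordinary query.
SAMPLE = [("10.0.0.53", build(5, "corp.example")),
          ("198.51.100.7", build(5, "corp.example")),
          ("198.51.100.7", build(0, "corp.example"))]
```

Any hit from `leaking_updates` means an endpoint sent a dynamic update past the internal resolvers, which is the traffic the researchers describe receiving.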


News URL

https://threatpost.com/black-hat-novel-dns-hack/168636/