Posted on August 8, 2021 at 9:15 AM
A new class of DNS vulnerabilities that impacts major DNS-as-a-Service (DNSaaS) providers has been discovered. The bug could allow threat actors to access sensitive information on corporate networks. According to reports about the vulnerability, it could also give attackers the ability to carry out nation-state spying.
With a single domain registration, threat actors can gain intelligence-harvesting abilities.
“We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic,” the researchers explained.
According to the report, the intercepted dynamic DNS traffic came from more than 15,000 organizations, including 85 international government agencies, 45 U.S. government agencies, and Fortune 500 companies.
Some providers have been impacted
According to the cybersecurity specialists who discovered the vulnerabilities, three popular cloud providers have also been affected and there is a high possibility that more will be impacted.
The Wiz researchers, Ami Luttwak and Shir Tamari, stated that the leaked data includes NTLM/Kerberos tickets, employees’ computer names, and internal/external IP addresses.
The internal IP address can reveal the geographical locations of the organizations while their computer names can show the potential content they may hold. On the other hand, the external IP addresses may link the organization’s network segments.
DNS-as-a-Service (DNSaaS) offers DNS renting services to firms that are not willing to take responsibility for an additional network asset.
The two security experts explained how the vulnerabilities can be exploited. According to the researchers, a domain was registered and used to control the nameserver of a DNSaaS supplier like Amazon Route 53. As a result, they were able to listen in on the dynamic DNS traffic.
The main cause of the problem is the non-standard implementation of DNS resolvers. Combined with unintended edge cases, these implementations can cause a major information leak. According to the researchers, this can lead to massive leakage from internal corporate networks.
No proof that the bugs have been exploited
The researchers said that any skilled hacker with the right tools can easily exploit the vulnerability. However, they admitted that it’s not clear whether any threat actor has exploited any of the bugs. The researchers noted that they have not seen the vulnerability exploited on DNS servers in the wild.
The researchers stated that the impact of the vulnerability, if exploited, could be massive. They examined six top DNSaaS providers and found three of them susceptible to nameserver registration. Any website host, domain registrar, or cloud provider that offers DNSaaS could be vulnerable, according to the security researchers.
Providers asked to act swiftly
DNS service providers have been advised to address their DNS vulnerabilities, as many of them are yet to act. The researchers say it’s a major worry that several devices are still vulnerable to these types of attacks. However, top providers like Google and Amazon are now addressing the situation.
The researchers have advised other providers to follow the same route and improve their security infrastructure. Providers are asked to update their servers so that they can withstand exploitation by threat actors.
Averting network problems
Microsoft, on the other hand, replied to the Wiz researchers that the vulnerability is not an actual bug. The tech giant stated that such vulnerabilities occur because of collaboration between a firm and external DNS services.
The researchers have asked DNS users to avert network issues by using different DNS zones and names for external and internal hosts. Microsoft has also provided a link where DNS providers can find further information and guidance on protecting their servers from exploitation.
During this year’s Black Hat summit in Las Vegas, security researchers demonstrated that Microsoft Windows can reveal some sensitive customer details during DNS update queries.
They also showed the danger involved when DNS updates are exposed to a malicious third party: the updates can reveal important information about the organization's network that the third party can then use.
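
To see what such an update exposes, and to flag one that is leaving the network, a defender can inspect DNS UPDATE messages (opcode 5, RFC 2136) at the egress point. The following is an added example, not code from the Wiz researchers, Microsoft or any provider; the sample packet, the names `corp.example` and `ws-042`, the server addresses and the internal ranges are constructed assumptions.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update
INTERNAL_NETS = ["10.0.0.0/8", "192.168.0.0/16"]  # assumed internal ranges

def read_name(msg, off):
    """Decode a DNS name, following compression pointers; return (name, next offset)."""
    labels, end = [], None
    for _ in range(128):                       # bound labels + pointers (loop guard)
        length = msg[off]
        if length & 0xC0 == 0xC0:              # 2-byte compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    raise ValueError("name too long or compression pointer loop")

def inspect_update(msg, server_ip, internal_nets=INTERNAL_NETS):
    """Return what a DNS UPDATE exposes to an external server, else None."""
    if len(msg) < 12:
        return None
    _, flags, zocount, prcount, upcount, _ = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return None                            # ordinary query or response
    dst = ipaddress.ip_address(server_ip)
    if any(dst in ipaddress.ip_network(n) for n in internal_nets):
        return None                            # update stays inside the network
    zone, off = read_name(msg, 12)             # zone section: name, type, class
    off += 4
    leaked = []
    for _ in range(prcount + upcount):         # prerequisite + update records
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == 1 and rdlen == 4:          # A record: host name -> IPv4
            leaked.append((name, str(ipaddress.ip_address(rdata))))
    return {"zone": zone, "server": server_ip, "leaked": leaked}

# Constructed sample: host ws-042 registering 10.1.2.3 in zone corp.example
SAMPLE_UPDATE = (struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
                 + b"\x04corp\x07example\x00" + struct.pack("!HH", 6, 1)
                 + b"\x06ws-042\xc0\x0c" + struct.pack("!HHIH", 1, 1, 1200, 4)
                 + bytes([10, 1, 2, 3]))
```

Calling `inspect_update(SAMPLE_UPDATE, "203.0.113.53")` reports the computer name and internal address that would reach the external server, while the same message sent to a server inside `INTERNAL_NETS` returns `None`.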