Intrusions targeting organizations’ Domain Name System (DNS) infrastructure have become prevalent in recent times. According to the 2021 Global DNS Threat Report from network security automation solutions provider EfficientIP, nearly 90% of organizations sustained a DNS attack last year. Threat actors exploit vulnerabilities in the DNS to access the targeted network systems. Cybercriminals use various hacking tactics to compromise critical digital assets, and one of them is DNS tunneling.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
DNS is an important protocol that plays a critical role in web browsing and email services. DNS enables applications and service platforms to use domain names (like cisomag.com) rather than IP addresses.
DNS tunneling is a malicious technique that threat actors use to bypass the firewall and tamper with the DNS query and response protocol. In a DNS tunneling attack, hackers use data payloads to compromise the targeted DNS server and remotely take over operations.
Initially, hackers deploy malware into DNS queries to create a covert communication channel that bypasses security scans. This gives bad actors a backchannel to exfiltrate sensitive data from the compromised DNS.
Attackers then tunnel protocols like SSH or HTTP through the DNS server and stealthily tunnel IP traffic. The DNS tunneling technique allows attackers to transfer files, download additional payloads to the existing malware, and gain complete remote access to the targeted system.
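Because the covert channel described above carries its data inside DNS queries, it leaves traces in query logs. The following Python is an added example, not part of the original article: it flags parent domains whose queried names carry long, high-entropy labels or an unusual number of unique subdomains. The thresholds, function names and sample log are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Illustrative thresholds (assumptions; tune against your own DNS baseline).
MAX_LABEL_LEN = 30          # ordinary hostnames rarely have labels this long
MIN_ENTROPY = 3.5           # bits per character; encoded data scores high
MAX_UNIQUE_SUBDOMAINS = 3   # tiny because the sample is tiny

# Constructed sample query log of (client, queried name); not real traffic.
_BLOB = "q7mzx2kp4vnb6tcr3whs5yjdlgfaeoiux4nt3sjq"  # stands in for encoded data
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.cisomag.com"),
    ("10.0.0.5", "mail.corp.example"),
    ("10.0.0.7", "intranet.corp.example"),
] + [("10.0.0.9", f"{_BLOB[i:] + _BLOB[:i]}.t.tunnel.example") for i in (0, 10, 20, 30)]

def shannon_entropy(text):
    """Bits per character of the string's character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def parent_domain(name):
    """Naive parent domain: the last two labels (no public-suffix handling)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def suspicious_payload(name):
    """Payload check: a long, high-entropy leftmost label suggests encoded data."""
    label = name.split(".")[0].lower()
    return len(label) > MAX_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY

def find_tunnel_candidates(queries):
    """Map each flagged parent domain to the sorted reasons it was flagged."""
    subdomains, findings = defaultdict(set), defaultdict(set)
    for _client, name in queries:
        parent = parent_domain(name)
        subdomains[parent].add(name.lower())
        if suspicious_payload(name):
            findings[parent].add("encoded-looking label")
    # Traffic check: a tunnel needs a fresh name per chunk of data, so one
    # parent domain accumulates far more unique subdomains than normal sites.
    for parent, names in subdomains.items():
        if len(names) > MAX_UNIQUE_SUBDOMAINS:
            findings[parent].add("many unique subdomains")
    return {parent: sorted(reasons) for parent, reasons in findings.items()}

if __name__ == "__main__":
    for domain, reasons in find_tunnel_candidates(SAMPLE_QUERIES).items():
        print(domain, "->", ", ".join(reasons))
```

On real resolver logs, legitimate services such as CDNs and some security products also generate long or numerous subdomains, so treat the output as candidates for review rather than verdicts.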
DNS misuse can be identified in two ways:
About the Author
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
The post What is DNS Tunneling and How is it Prevented? appeared first on CISO MAG | Cyber Security Magazine.