A new class of vulnerabilities was recently discovered that could allow attackers to break into corporate networks and exfiltrate sensitive information. Cybersecurity researchers have disclosed this vulnerability in major DNS-as-a-Service (DNSaaS) providers; anyone with malicious intent can use it to steal private data from the network's serverless systems without detection.
"We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google," said researchers Shir Tamari and Ami Luttwak from infrastructure security firm Wiz.
A bottomless well of valuable intel was found last week. Companies' IP addresses, computer names and employee lists were among the findings presented at the Black Hat USA 2021 security conference, along with details about organizations' web domains and other crucial information that could be used to launch an attack on their systems.
A team of researchers has revealed that hackers can spy on internal network traffic with just a simple domain registration. They say this is like having nation-state-level spying capability, and it could give anyone access to private information from inside companies or governments.
A new study reveals how easy it can be for malicious actors, as well as government agencies at the NSA level, to gain insight into what's happening in an organization by registering domains, even if they are not within their own networks' infrastructure.
The exploit process hinges on registering a domain with Amazon's Route 53 DNS service (or Google Cloud DNS) under the same name as the name server that provides translation from names to IP addresses. This breaks the isolation between tenants and exposes valuable information, giving attackers an easy way to access this data, with potentially dangerous consequences.
In other words, creating a new domain on the Route 53 platform inside the AWS name server with the same moniker, and pointing it to the attacker's own network, causes dynamic DNS traffic from Route 53 customers' endpoints to be hijacked. For attackers who know how IANA assigns IP addresses, it then becomes easy to map corporate networks as well.
The research team intercepted dynamic DNS traffic from over 15,000 different organizations and found that the data included valuable intel such as internal and external IP addresses and office locations. This was not limited to Fortune 500 companies; it also included U.S. government agencies, such as 45 federal services, as well as 85 international governments, all of which are spying on one another in ways they don't even know about yet!
The Wiz research team has released a tool that lets companies and individuals test whether their internal DDNS updates are being leaked. This comes after Amazon, Google, and others patched the issues as they arose.