October 14, 2019
Today, there are many hacking methods used by cybercriminals. Fortunately, cybersecurity experts are aware of these hacking methods and have prepared countermeasures against them. But even the most secure network can be fooled by a simple but dangerous DNS tunneling attack.
DNS tunneling is a cyberattack that creates a “tunnel” for hackers into a secured network. It takes advantage of the DNS protocol, which is rarely monitored by cybersecurity tools. Through DNS tunneling, hackers can exfiltrate data, send commands to malware inside the infected network, or even take full control of an infected endpoint or system. DNS tunneling is complicated to carry out by hand, but toolkits available online make it much easier.
Cybercriminals use DNS tunneling for many different reasons. Here are some of the main reasons why:
To better understand how DNS tunneling works, here is a breakdown of its stages:
Step 1: Set up
Before hackers can initiate a DNS tunneling attack, they first need to register a domain and set up a DNS server for it. This is needed because the data to be exfiltrated is carried in queries for that domain, which end up at the hackers’ DNS server.
Hackers also build the malware they will use to infiltrate the target network during this stage.
Step 2: Infiltration
To infiltrate the network, the hackers need to plant their malware on a network endpoint, or on any device that connects to the target network with sufficient privileges. This can be done using spam mail, whale phishing, SQL injection, and other infiltration methods.
Once inside the network, the malware will start sending DNS queries back to the hacker’s domain and DNS server.
Step 3: Data exfiltration
Once a connection between the malware and the hacker’s domain is established, the malware can start looking for data to exfiltrate or receive commands from the hackers on what to do next. When exfiltrating data, the malware breaks the data into small chunks and hides them inside its sequence of DNS queries. This lets the data pass the firewall without being stopped.
Step 4: Reconstruction
Once all the chunks have arrived at the hacker’s DNS server, the hackers can decrypt and reconstruct the data. They then hold a copy of the sensitive data, obtained without being stopped by firewalls or other cybersecurity tools.
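A defender-side illustration of the Step 3 pattern (data chunked and hidden in a stream of queries), added here and not part of the original article: it scores a constructed resolver log per registered domain by unique-subdomain count, mean subdomain length and character entropy, the signals a DNS monitor would use to spot tunneling. The sample log lines, the thresholds and the two-label domain split are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log (timestamp, client IP, queried name); not from a real network.
SAMPLE_LOG = """\
2019-10-14T10:00:01 10.0.0.5 www.example.com
2019-10-14T10:00:02 10.0.0.5 mail.example.com
2019-10-14T10:00:03 10.0.0.7 aGVsbG8gd29ybGQgdGhpcyBpcw.3f1a9c.tunnel-example.net
2019-10-14T10:00:04 10.0.0.7 dGhlIHNlY3JldCBkYXRhIHdlIGFyZQ.3f1a9d.tunnel-example.net
2019-10-14T10:00:05 10.0.0.7 ZXhmaWx0cmF0aW5nIGZyb20gaGVyZQ.3f1a9e.tunnel-example.net
2019-10-14T10:00:06 10.0.0.5 cdn.example.com
2019-10-14T10:00:07 10.0.0.7 Y2h1bmsgbnVtYmVyIGZvdXIgZ29lcw.3f1a9f.tunnel-example.net
"""

def shannon_entropy(s):
    """Bits per character; encoded or random-looking data scores high, hostnames low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def registered_domain(qname):
    """Naive split into (last two labels, everything before them); assumes no multi-part public suffix."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def domain_stats(log_text):
    """Per registered domain: unique subdomains seen, mean subdomain length, mean entropy."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        dom, sub = registered_domain(parts[2])
        if sub:  # bare apex queries carry no payload, skip them
            seen[dom].add(sub)
    stats = {}
    for dom, subs in seen.items():
        stats[dom] = {
            "unique": len(subs),
            "mean_len": sum(len(s) for s in subs) / len(subs),
            "mean_entropy": sum(shannon_entropy(s) for s in subs) / len(subs),
        }
    return stats

def flag_tunnel_candidates(log_text, min_unique=3, min_len=20, min_entropy=3.5):
    """Domains whose query stream looks like chunked, encoded data; thresholds are assumed."""
    return sorted(d for d, s in domain_stats(log_text).items()
                  if s["unique"] >= min_unique and s["mean_len"] >= min_len
                  and s["mean_entropy"] >= min_entropy)
```

Real deployments tune the thresholds against a baseline of normal traffic, since CDNs and anti-virus update services also produce long, high-entropy names.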
Even though DNS tunneling has legitimate uses, many hackers use it for malicious purposes. The best way for companies to protect themselves from DNS tunneling attacks is through Comodo’s secure DNS filtering. Visit https://cdome.comodo.com today to learn more about DNS filtering.