Air-Gapped Networks Vulnerable to DNS Attacks

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Content source
https://www.darkreading.com/attacks-breaches/report-air-gapped-networks-vulnerable-dns-attacks
Common misconfigurations in how Domain Name System (DNS) is implemented in an enterprise environment can put air-gapped networks and the high-value assets they are aimed at protecting at risk from external attackers, researchers have found.

Organizations using air-gapped networks that connect to DNS servers can inadvertently expose the assets to threat actors, resulting in high-impact data breaches, researchers from security firm Pentera revealed in a blog post published Dec. 8. Attackers can use DNS as a command-and-control (C2) channel to communicate with these networks through DNS servers connected to the Internet, and thus breach them even when an organization believes the network is successfully isolated, the researchers revealed.

Air-gapped networks are segregated without access to the Internet from the common user network in a business or enterprise IT environment. They are designed this way to protect an organization's "crown jewels," the researchers wrote, using VPN, SSL VPN, or the users' network via a jump box for someone to gain access to them. However, these networks still require DNS services, , which is used to assign names to systems for network discoverability. This represents a vulnerability if DNS is not configured carefully by network administrators.
Click to expand...
With DNS attacks occurring more frequently than ever - with 88% of organizations reporting some type of DNS attack in 2022, according to the latest IDC Global DNS Threat Report - it's important for organizations to understand how to mitigate and defend against DNS abuse, the researchers said.
Click to expand...
www.darkreading.com

Report: Air-Gapped Networks Vulnerable to DNS Attacks

Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
www.darkreading.com www.darkreading.com
 
  • Like
  • +Reputation
  • Applause
Reactions: [correlate], vtqhtr413, TedCruz and 4 others
T

TedCruz

Level 5
Aug 19, 2022
176
upnorth said:
www.darkreading.com

Report: Air-Gapped Networks Vulnerable to DNS Attacks

Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
www.darkreading.com www.darkreading.com
Click to expand...
Yeap that's why SIPR and JWICS have their own dedicated fibre that does not ride on common network backbone. The only negative thing about it is how slow they are (most of it is due to very heavy encryption).
 
  • Like
Reactions: [correlate], Zero Knowledge and vtqhtr413
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Security News European govt air-gapped systems breached using custom malware
Replies
1
Views
1,706
Security News
Brahman
Brahman
[correlate]
    • Like
    • Wow
MaginotDNS attacks exploit weak checks for DNS cache poisoning
Replies
0
Views
1,199
News Archive
[correlate]
[correlate]
vtqhtr413
    • Like
    • Wow
Technology Microsoft plans to lock down Windows DNS like never before
Replies
4
Views
720
Technology News
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top