Air-Gapped Networks Vulnerable to DNS Attacks


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Common misconfigurations in how Domain Name System (DNS) is implemented in an enterprise environment can put air-gapped networks and the high-value assets they are aimed at protecting at risk from external attackers, researchers have found.

Organizations using air-gapped networks that connect to DNS servers can inadvertently expose the assets to threat actors, resulting in high-impact data breaches, researchers from security firm Pentera revealed in a blog post published Dec. 8. Attackers can use DNS as a command-and-control (C2) channel to communicate with these networks through DNS servers connected to the Internet, and thus breach them even when an organization believes the network is successfully isolated, the researchers revealed.

Air-gapped networks are segregated without access to the Internet from the common user network in a business or enterprise IT environment. They are designed this way to protect an organization's "crown jewels," the researchers wrote, using VPN, SSL VPN, or the users' network via a jump box for someone to gain access to them. However, these networks still require DNS services, , which is used to assign names to systems for network discoverability. This represents a vulnerability if DNS is not configured carefully by network administrators.
With DNS attacks occurring more frequently than ever - with 88% of organizations reporting some type of DNS attack in 2022, according to the latest IDC Global DNS Threat Report - it's important for organizations to understand how to mitigate and defend against DNS abuse, the researchers said.


Level 5
Aug 19, 2022
Yeap that's why SIPR and JWICS have their own dedicated fibre that does not ride on common network backbone. The only negative thing about it is how slow they are (most of it is due to very heavy encryption).

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.