Cyber Attackers Increasingly Sneaking Corporate Data Out Through DNS
Almost 90 percent of firms have suffered an attack against their domain-name system infrastructure, and nearly half have detected data leaving their network through DNS.For years, researchers have studied the use of domain-name service (DNS) traffic as a way to hide attackers’ communications. Now, companies are increasingly encountering the tactic, according to a survey released on Dec. 16 by infrastructure-security firm Cloudmark. About 46 percent of companies detected data leaving their network through DNS communications, the survey of 300 U.S. and UK companies found. The exfiltration of data through DNS was the second most common attack against the infrastructure—a distance second to the 74 percent of companies that suffered a denial-of-service attack against their DNS servers, according to the survey’s respondents. Despite the frequent attacks against DNS infrastructure, many security professionals are not sold on protecting their domain-name service traffic, Neil Cook, chief technology officer of Cloudmark, told eWEEK. “Most organizations don’t think about DNS as something that can be used to exfiltrate data,” he said.
Security researchers first suggested using DNS traffic as a covert communications channel in the late 1990s, but the concept only gained widespread acceptance following a presentation by security researcher Dan Kaminsky at the DEFCON hacking conference in 2004.