This article by Valadin takes the reader through the abuse of domains and DNS by the North Korean state-sponsored threat group Lazarus.
DNS tampering and abuse have been staple tactics of cyber criminals for well over a decade. One of the largest DNS-related incidents was the October 2016 DDoS against the DNS provider Dyn, driven by the Mirai botnet of compromised IoT devices, which took major sites offline for hours.
In late 2018 a wave of DNS hijacking incidents, some of which affected federal agency domains, led CISA to issue Emergency Directive 19-01, "Mitigate DNS Infrastructure Tampering", in January 2019. The directive gave agencies 10 business days to audit their public DNS records, rotate the credentials on accounts able to change those records, enable multi-factor authentication on them, and monitor certificate transparency logs for certificates they did not request.
On 14 July 2020 Microsoft patched CVE-2020-1350 (SIGRed), a wormable remote code execution flaw in Windows DNS Server rated CVSS 10.0. In December 2020 the SolarWinds supply-chain compromise was discovered.
DNS was central to that compromise as well: the SUNBURST backdoor planted in SolarWinds Orion builds used DNS for command and control, encoding an identifier for each victim into a subdomain of avsvmcloud.com and using the CNAME answers returned for selected victims to steer them to second-stage servers.
The dwell time, the interval between initial access and discovery, exceeded a year at SolarWinds: the attackers were inside the build environment by September 2019, trojanized builds shipped from March 2020, and nothing was detected until December 2020. Compromised servers let intruders live off the land, using legitimate tools and protocols such as DNS, for long periods, because seemingly nobody is checking.
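As an added example, not code from the original article or from any SolarWinds or Lazarus tooling, the Python below scans constructed resolver log lines for the traits SUNBURST's DNS channel exhibited: long, high-entropy leftmost labels that carry encoded data, many distinct such labels under one registered domain, and CNAME answers that steer the client to a different domain. The log format, the thresholds, and every hostname, label and address in the sample are assumptions made for the illustration, and the registered-domain split on the last two labels is a simplification (a real deployment would use the public suffix list).

```python
"""Detect SUNBURST-style DNS command-and-control in resolver logs.

Added example for this article; not code from the original page or from
any SolarWinds or Lazarus tooling. Every hostname, address, threshold and
the log format itself are assumptions made for the illustration.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed resolver log, one record per line:
#   <timestamp> <client_ip> <queried_name> <answer_type> <answer_data>
# The avsvmcloud.com names imitate the shape of SUNBURST's beacons (an
# encoded victim identifier as the leftmost label); the labels themselves
# are made up, not real indicators.
SAMPLE_LOG = """\
2020-06-14T03:12:07Z 10.20.1.15 www.solarwinds.com A 203.0.113.10
2020-06-14T03:12:09Z 10.20.1.15 eu-west-1-prod-api-gateway.example.net A 203.0.113.25
2020-06-14T03:12:11Z 10.20.1.15 q8v3hx2mzk7ytc4pn9rf.appsync-api.eu-west-1.avsvmcloud.com A 198.51.100.7
2020-06-14T03:14:52Z 10.20.1.22 w5lbj6dgs0e1uoa4xkrn.appsync-api.us-west-2.avsvmcloud.com CNAME stage2.example.org
2020-06-14T03:15:01Z 10.20.1.22 login.microsoftonline.com A 203.0.113.44
2020-06-14T03:16:30Z 10.20.1.31 t2f9mvc7yq0kzhp3xbld.appsync-api.us-east-1.avsvmcloud.com A 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<qname>\S+) (?P<rtype>\S+) (?P<rdata>\S+)$"
)

# Assumed thresholds; tune them against a baseline of your own traffic.
MIN_LABEL_LEN = 16   # encoded identifiers are long; ordinary hostnames rarely are
MIN_ENTROPY = 3.0    # bits per character; dictionary words and hostnames score lower
MIN_DISTINCT = 2     # distinct encoded labels under one domain before alerting


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registered_domain(name: str) -> str:
    """Last two labels of a name. Simplification: real code uses the public suffix list."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def leftmost_label(name: str) -> str:
    """Leftmost label, lower-cased; this is where SUNBURST put the encoded data."""
    return name.rstrip(".").lower().split(".")[0]


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def analyze(log_text: str) -> dict:
    """Return {registered_domain: finding} for domains that show C2-like traits.

    A domain is reported when it receives MIN_DISTINCT or more distinct
    long, high-entropy leftmost labels (encoded data in the query name), or
    when such a query is answered with a CNAME that points outside the domain
    (the steering pattern SUNBURST used to hand selected victims to a
    second-stage server).
    """
    encoded = defaultdict(set)    # domain -> encoded labels seen
    clients = defaultdict(set)    # domain -> clients that sent them
    steering = defaultdict(set)   # domain -> off-domain CNAME targets
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        base = registered_domain(rec["qname"])
        label = leftmost_label(rec["qname"])
        if len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY:
            encoded[base].add(label)
            clients[base].add(rec["client"])
            if rec["rtype"] == "CNAME" and registered_domain(rec["rdata"]) != base:
                steering[base].add(rec["rdata"])
    findings = {}
    for base, labels in encoded.items():
        if len(labels) >= MIN_DISTINCT or steering[base]:
            findings[base] = {
                "distinct_encoded_labels": len(labels),
                "clients": sorted(clients[base]),
                "cname_targets": sorted(steering[base]),
            }
    return findings


if __name__ == "__main__":
    for base, finding in analyze(SAMPLE_LOG).items():
        print(base, finding)
```

Run it directly to print the findings for the sample, or pass your own resolver or passive-DNS export to analyze(). The eu-west-1-prod-api-gateway.example.net line is included deliberately: its long hyphenated label scores above the entropy threshold on its own, but a single label under a single domain with no off-domain CNAME does not fire, which is why the detector aggregates per registered domain instead of alerting on individual queries. Keying on avsvmcloud.com itself would only catch last year's campaign; the shape of the traffic is what carries over.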
DNS has been mined for surveillance for two decades, and cyber criminals learned that what makes it useful to watchers, a wide gap in DNS expertise between the people who built it and the people now running it, and weak controls over who can change records, also makes it easy to exploit for crime.
Add the outsourcing of DNS and CDN services to cloud providers over the same period, insecure servers, many of them already on public DNS blocklists, and you have access with little to no attribution (see the shared responsibility model).
DNS and CDN providers that serve from blocklisted servers condemn their clients to permanent exposure, insecurity and attack, and the clients are usually blindsided.
Just as Dyn's infrastructure was exposed and exploited in 2016, causing widespread outages and knock-on incidents, and Dyn was unequivocally responsible then, DNS and CDN providers today are responsible for their own and their clients' basic security.