THREAT INTEL: DNS Poisoning exploited a number of ISPs enabling hackers to deliver Malware

Gibraltar: Friday 09 August 2024 at 11:00 CET

THREAT INTEL: DNS Poisoning exploited a number of ISPs enabling hackers to deliver Malware to Windows and Mac users

By Andy Jenkinson – Guest Contributor | Group CEO Cybersec Innovation Partners
via CYBERInsights

Earlier this week it was revealed that DNS poisoning had been exploited at a number of ISPs, enabling hackers to deliver malware to Windows and Mac users via software updates and unsecure connections.

We would like to take that further and share how, when DNS servers are compromised, they can also be exploited to add malware into software updates – remember SolarWinds Orion and the Sunburst malware.

WSUS – “The Windows Update Services: Client-Server Protocol (WUSP) and the Windows Update Services: Server-Server Protocol (WSUSSS). The primary relationship between the Windows Update Services: Client-Server Protocol (WUSP) and the Windows Update Services: Server-Server Protocol (WSUSSS) is based on shared data among the member protocols.”

“State sharing of the information passed using WSUSSS and WUSP takes place on an update server. An update server can participate in protocol exchanges with a USS or a DSS using WSUSSS as well as protocol exchanges with update clients using WUSP.”

“WSUS maintains data for each protocol, and there is substantial overlap among the data maintained for each protocol. Data that is modified by a WSUSSS protocol exchange can be consumed by a WUSP protocol exchange, and vice versa.”

As the WSUS topology diagram below shows, the DNS server plays a critical role in the distribution of software updates. This holds regardless of whether the updates are Orion, Falcon, Microsoft, or any other updates using WSUS.

Assumptions – Automating software updates without any checks is really dangerous, as the world witnessed on 19 July 2024 when CrowdStrike's botched Falcon update caused global chaos and outages. The Orion update in 2020 caused 18,000 clients to suffer consequential cyberattacks.

Assuming DNS servers are secure dramatically compounds the blind spots and exposure to unlawful digital intrusion, malware, phishing, MiTM attacks and much more.

Let me be candid – if DNS servers are INSECURE, no matter what budget, spend, expertise, or resources an organization has, the organization WILL NEVER BE SECURE.
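One way to test the assumption that update traffic can trust DNS: a WSUS client whose policy points at an `http://` update server has nothing to authenticate the host that name resolved to. The following is an added example, not part of the original article; it audits `reg query` output collected from clients, and the host names, server name and sample output are constructed (the registry values are the standard Windows Update policy values).

```python
import re
from urllib.parse import urlsplit

# Constructed sample: text output of
#   reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s
# from two hypothetical hosts. Server and host names are made up.
SAMPLE = {
    "ws-014": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    http://wsus.corp.example:8530
    WUStatusServer    REG_SZ    http://wsus.corp.example:8530
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
""",
    "ws-027": r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    WUServer    REG_SZ    https://wsus.corp.example:8531
    WUStatusServer    REG_SZ    https://wsus.corp.example:8531
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    UseWUServer    REG_DWORD    0x1
""",
}

# Value lines are indented: <name> <REG_TYPE> <data>; key lines are not.
VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg(text):
    """Return {value_name: data} from `reg query` text output."""
    matches = (VALUE_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(3).strip() for m in matches if m}

def audit(text):
    """List findings that leave update traffic dependent on honest DNS answers."""
    v = parse_reg(text)
    if int(v.get("UseWUServer", "0x0"), 16) != 1:
        return []  # WUServer is ignored unless UseWUServer is 1; out of scope here
    findings = []
    for name in ("WUServer", "WUStatusServer"):
        url = urlsplit(v.get(name, ""))
        if not url.hostname:
            findings.append(f"{name} is missing or unparsable")
        elif url.scheme.lower() != "https":
            findings.append(f"{name} uses {url.scheme} for {url.hostname}: "
                            "server identity rests on the DNS answer alone")
    return findings

def audit_fleet(samples):
    """Map each host to its list of findings (empty list means no finding)."""
    return {host: audit(text) for host, text in samples.items()}
```

Run `audit_fleet` over output gathered from each client; any host with a non-empty list is fetching update metadata from a server it identifies only by name resolution.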

About Andy Jenkinson

Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. Recognised Expert in Internet Asset & DNS Vulnerabilities.

Andy Jenkinson is a senior and seasoned innovative Executive with over 30 years’ experience as a hands-on lateral thinking CEO, coach, and leader.