About Andy Jenkinson
Group CEO, CIP. Fellow, Cyber Theory Institute. Director, Fintech & Cyber Security Alliance (FITCA), working with governments. Recognised expert in internet asset and DNS vulnerabilities.
Andy Jenkinson is a senior, seasoned and innovative executive with over 30 years' experience as a hands-on, lateral-thinking CEO, coach and leader. A 'big deal' business accelerator and an inspirational, lateral thinker, Andy has crafted, created and been responsible for delivering hundreds of millions of pounds' worth of projects in the cyber, technical, risk and compliance markets for some of the world's largest, leading organisations. Andy has a demonstrable track record of large-scale technical delivery and management across many sectors, including professional, managed and financial services.
This article by Valadin takes the reader through the exploitation of domains and DNS by the Korean ransomware gang Lazarus.
DNS tampering and abuse have been tactics used by cyber criminals for around a decade. One major DNS attack that resulted in a DDoS attack of epic proportions was the 2016 attack on Dyn by the Mirai botnet.
Shortly after, in the fall of 2018, numerous federal agencies suffered DNS attacks, which acted as the catalyst for CISA to issue its Emergency Directive on DNS attacks in January 2019. CISA issued M-19-01 and gave federal agencies 10 days to comply.
On 14 July 2020, Microsoft issued CVE-2020-1350 for its DNS servers, rated critical with a CVSS score of 10. In December 2020 the massive SolarWinds cyberattack was discovered.
The SolarWinds attack was later proven to have exploited a Not Secure SolarWinds subdomain, the standing up of avsvmcloud.com, and a DNS attack.
Like SolarWinds, the dwell time, i.e. the time between initial access and discovery, could have been in excess of a year. Compromised servers can enable living off the land, undetected, for long periods of time; seemingly nobody is checking.
DNS has been used for surveillance over the last two decades and has been exploited by cybercriminals, who learnt that the huge generational gap in DNS knowledge, together with the lack of DNS controls and management, could also be exploited for cybercrime.
Add DNS and CDN outsourcing to cloud computing over the same period, plus insecure servers, many of them on known DNS blacklists, and you have access with little to no attribution. See Shared Responsibility.
DNS and CDN providers that use DNS-blacklisted servers condemn their clients to a full-time life of exposure, insecurity and cyberattacks: blindsided.
Just as Dyn's servers were exposed and exploited in 2016, causing massive chaos and consequential incidents, and Dyn was unequivocally responsible then, so DNS and CDN providers are responsible today for their own and their clients' basic security.