Domain Name Systems (DNS) have been a fundamental piece of networking for ages. More recently, cybercriminals have been exploiting DNS to steal data. Port 53 manipulation or “DNS Tunneling” can allow bad guys to exfiltrate data through already established DNS pathways.
A recent Infoblox Security Assessment Report found that nearly half of enterprises tested showed DNS Tunneling – evidence suggesting that there could be active malware or ongoing data exfiltration on those networks.
When SC Magazine covered the report they turned to WatchGuard’s very own Marc Laliberte for his thoughts on DNS-based attacks:
“Tunneling is prominently used in the Multigrane POS malware which made its rounds earlier this year. It’s likely that we will continue to see DNS tunneling used for data exfiltration and C2 connections until organizations better prepare themselves to stop it.”
For the full article and a few tips on preventing DNS Tunneling, check out: