The group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities.
Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of new exploits and capabilities of the nefarious campaign.
More about DNS:
- DNS in the cloud: Why and why not
- DNS over HTTPS seeks to make internet use more private
- How to protect your infrastructure from DNS cache poisoning
- ICANN housecleaning revokes old DNS security key
“The threat actor's ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization's normal proxy or weblogs,” Talos wrote. “DNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.”
To read this article in full, please click here