Severity
Medium
Overview
While organizations strive to keep their internal environments safe, it is also crucial to counter internet-based threats. The FBI’s Internet Crime Report 2018 states that internet-based exploitation, fraud and theft were responsible for about $2.7 billion in financial losses in 2018. Researchers find that cybercriminals exploit the Domain Name System (DNS) in most internet-based and web application attacks.
For instance, consider the attack on the cloud-based messaging app Telegram: through this compromise, APT34’s hacking tools, as well as data belonging to its victims, have been exposed since March 2019.
It is therefore necessary for organizations to take measures to protect their networks and end users from internet-based attacks.
DNS attacks
DNS is the most commonly exploited tool in such attacks, which are typically initiated through phishing. Paul Griswold of IBM Security therefore suggests that organizations should not treat the DNS service they receive from their internet service providers as ‘clean’. Failing to be skeptical about ISP-provided DNS may lead to harsh consequences, and domain assets need closer attention to avoid security lapses.
When domain registrations aren’t fully managed, DNS attacks may follow, Griswold adds: lapsed domains can be repurchased and then exploited to compromise DNS servers.
Web application attacks
Although most major internet-based attacks arise from DNS exploitation, vulnerable web applications are also a major source of security lapses and can likewise have harsh consequences for organizations. Users often run vulnerable versions of these web applications, adding to the probability of cyber-attacks.
Additionally, with the proliferation of IoT-based endpoints and devices, attack vectors are increasing exponentially and the internet is becoming an ever more threatening arena for organizations.
Moreover, vulnerable third-party applications are not the only source of malware downloads. Compromised websites also host a great deal of malware that unsuspecting users download, via JavaScript, without hesitation while browsing the internet. Although apparently benign, these websites often redirect to malicious sites, leading to drive-by downloads of malware and ransomware onto user systems.
Need for Preventive Measures
To protect their integrity from compromise through internet-based attacks, organizations need to enforce strong security measures that block threats coming from the internet. Advanced DNS analytics also provide organizations with advanced threat intelligence that enhances the detection of malicious tools and compromised devices. Such threat intelligence greatly helps prevent cyber-attacks across the network.
Given the growing number of DNS-based cyber-attacks, experts also suggest that organizations introduce redundancy at all levels of the server infrastructure, including the DNS host. Redundancy here means deploying a secondary DNS network so that traffic can be moved from a failing server to a live redundant server, which takes over the queries of the former.
Recommendations
Keeping in view the threats coming from the expansive internet arena, NS1’s Zeman recommends the following precautions for organizations:
- Borrow a page from the cloud computing playbook and leverage a managed DNS solution with a globally distributed, anycast network that ensures high availability.
- Reinforce the authenticity of DNS query responses by implementing Domain Name System Security Extensions (DNSSEC) across all zones in your control.
- Because DNS is a mission-critical service, administrative access to DNS management should be tightly controlled. Make sure to use strong password enforcement, two-factor or multifactor authentication, and role-based access controls.
- When using zone transfers, whitelist the transfer IP addresses of your secondary providers and leverage TSIG (Transaction SIGnature) to sign the transfers with a private key and limit exposure.
- Keep all web applications updated to the latest secure versions.
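As an added illustration of the zone-transfer and DNSSEC recommendations above (this is example configuration written for this advisory, not from NS1 or the original text), the fragment below shows a weak BIND `named.conf` zone definition beside a hardened one. It assumes BIND 9.16 or later as the authoritative server; the zone name, file path, secondary address 192.0.2.53 and key name are constructed placeholders.

```conf
// --- Weak (constructed example): any host on the internet can pull the
// --- whole zone with AXFR, and nothing authenticates the secondary.
zone "example.com" {
    type master;
    file "/var/named/example.com.zone";
    allow-transfer { any; };
};

// --- Hardened (constructed example): transfers are limited to the
// --- secondary's allow-listed address AND must be TSIG-signed, and the
// --- zone is DNSSEC-signed in place by named.
//
// Generate the shared secret on the primary with:  tsig-keygen secondary-xfer
// and copy the resulting key block to the secondary over a secure channel.
key "secondary-xfer" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF-tsig-keygen";   // placeholder, not a real key
};

// Sign NOTIFY messages and outgoing transfers to this secondary with the key.
server 192.0.2.53 {
    keys { "secondary-xfer"; };
};

zone "example.com" {
    type master;
    file "/var/named/example.com.zone";
    // Require BOTH conditions: the nested negated list rejects every address
    // except 192.0.2.53, then the key clause still demands a valid TSIG.
    allow-transfer { !{ !192.0.2.53; any; }; key "secondary-xfer"; };
    allow-update   { none; };
    notify explicit;
    also-notify    { 192.0.2.53; };
    // Let named generate the keys and keep RRSIGs current (BIND 9.16+).
    dnssec-policy "default";
    inline-signing yes;
};
```

The secondary needs the same `key` block and a matching `server` statement for the primary's address so that its transfer requests are signed; after reloading, `dig @192.0.2.53 example.com AXFR` from any unlisted host should return REFUSED, and a signed request from 192.0.2.53 should succeed.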
Keeping in view the harsh consequences of DNS attacks and web application attacks on businesses, organizations should prioritize DNS protection and the patching of vulnerable web applications, as both are crucial for overall network security.