Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 19, 2023Severity Medium Analysis Summary CVE-2022-42436 IBM MQ Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. Impact Indicators Of Compromise […]March 19, 2023Severity Medium Analysis Summary CVE-2023-0027 Rockwell Automation Modbus TCP AOI Server could allow a remote attacker to obtain sensitive information. By sending a malformed message, an […]March 17, 2023Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2019-0330 – SAP Diagnostic Agent OS Command Injection Vulnerability
July 15, 2019Rewterz Threat Alert – Lazarus APT Group, Attacked as Identity Document
July 16, 2019
Severity
Medium
Overview
While organizations strive to keep their internal environments safe, it is also crucial to counter the internet-based threats. FBI’s Internet Crime Report 2018 reports that internet-based exploitation, frauds and theft have been responsible for about $2.7 billion financial losses in 2018. Researchers find that cybercriminals exploit Domain Name Systems (DNS) in most of the internet-based and web application attacks.
For instance, take the example of the attack on the cloud-based messaging app Telegram, compromising which, APT34’s hacking tools as well as data belonging to victims has been exposed since March 2019.
It is therefore necessary for organizations to take measures for protecting their networks and end users from internet-based attacks.
DNS attacks
DNS is the most commonly exploited tool for such attacks, initiated through phishing. Therefore, Paul Griswold from IBM security suggests that organizations should not consider the DNS they receive from their Internet service providers as ‘clean’. Not being skeptical about the ISP-provided DNS may lead to harsh consequences. The domain assets need more attention to avoid security glitches.
When domain registries aren’t fully managed, it may lead to DNS attacks, adds Griswold, saying that the domain registries can be repurchased and the domains can be exploited to compromise the DNS servers.
Web application attacks
Although major internet-based attacks arise out of DNS exploitation, vulnerable Web applications are the reason for major security glitches and may also yield harsh consequences for organizations. Users often use vulnerable versions of these web applications, adding to the probability of cyber-attacks.
Additionally, with the proliferation of IoT based endpoints and devices, attack vectors are increasing exponentially and the internet arena is becoming more and more threatening for organizations.
Moreover, third party vulnerable applications are not the only reason for malware downloads. Compromised websites too host a lot of malware that non-skeptical users download via javascript without hesitation, while surfing through the internet. Apparently benign, these websites often redirect to malicious sites, leading to drive-by downloads of malware and ransomware on the user systems.
Need of Preventive Measures
To save their integrity from compromise due to internet-based attacks, organizations need to reinforce strong security measures, blocking threats coming from the internet. Advanced DNS analytics also provide advanced threat intelligence to organizations for enhancing the detection of malicious tools and compromised devices. Such threat intelligence greatly helps prevent cyber-attacks across the network.
Looking at the growing number of DNS based cyber-attacks, experts suggest that organizations should also introduce redundancy at all levels of a server infrastructure, including the DNS host. Redundancy means deployment of a secondary DNS network, in order to move traffic from a failing server to a live redundant server that will subsume the queries for the former.
Recommendations
Keeping in view the threats coming from expansive internet arena, NS1’s Zeman recommends the following precautions for organizations:
- Borrow a page from the cloud computing playbook and leverage a managed DNS solution with a globally distributed, anycast network that ensures high availability.
- Reinforce the authenticity of DNS query responses by implementing Domain Name Security Extensions (DNSSEC) across all zones in your control.
- Because DNS is a mission-critical service, administrative access to DNS management should be tightly controlled. Make sure to use strong password enforcement, two-factor, or multifactor authentication, and role-based access controls.
- When using zone transfers, whitelist the transfer IP addresses of your secondary providers and leverage TSIG (Transaction SIGnature) to sign the transfers with a private key and limit exposure.
- Keep all web applications updated to latest secure versions.
Keeping in view the harsher consequences of DNS attacks and web application attacks on businesses, organizations should prioritize DNS protection, and patching of vulnerable web applications, as it is very crucial for overall network security.