Page 46 - Cyber Warnings

Preventing DNS-Based Data Exfiltration

By Cherif Sleiman, General Manager, Middle East at Infoblox

Summary: Theft of sensitive or regulated data and intellectual property is one of the most
serious risks to an enterprise. DNS is frequently used as a pathway for data exfiltration,
because it is not inspected by common security products such as firewalls, intrusion detection
systems (IDSs), and proxies.

Several high-profile data breaches have been in the news recently. We read that millions of
customer records are stolen, emails hacked, and sensitive information leaked. Most enterprises
have multiple defense mechanisms and security technologies in place, such as next-generation
firewalls, intrusion detection systems (IDSs), and intrusion-prevention systems (IPSs). Yet
somehow malicious actors find a way to appropriate data. So what types of data are being
stolen? They vary and may include:
- Personally identifiable information (PII), such as Emirates ID numbers in the UAE, for example
- Regulated data covered by the Payment Card Industry Data Security Standard (PCI DSS)
- Intellectual property that gives an organization a competitive advantage
- Other sensitive information such as credit card numbers, company financials, payroll information, and emails

Motivations vary from hacktivism and espionage to financial wrongdoing, where the data can be
easily sold for a neat profit in the underground market. When sensitive information is stolen, it
causes financial and legal woes, not to mention the huge negative impact to brand. According to
a Ponemon Institute study in 2015, the average consolidated cost of a data breach is US$3.8
million, which includes investigative and forensic efforts and resolution and consequences of
customer defection. This is an average—recent breaches have cost victims a lot more.

Hackers can use multiple pathways to steal data, but the one that is often unknowingly left open
is DNS, or the Domain Name System. DNS is increasingly being used for data exfiltration, either
by malware-infected devices or by rogue employees. The nature of the DNS protocol, which
was invented more than 30 years ago, is such that it is trusted, yet vulnerable to hackers and
malicious insiders. According to Dan Kaminsky, a well-known DNS security researcher,
DNS can be thought of as a globally deployed routing and caching overlay network that
connects both the public and private Internet, which raises serious questions: Is it sufficiently
secure? Is it vulnerable to data breaches?

The answer is that DNS can be abused in all sorts of unconventional ways that make it the
perfect back door for hackers seeking to steal sensitive data. According to a recent DNS
security survey of businesses based in North America and Europe, 46 percent of respondents
experienced DNS exfiltration and 45 percent experienced DNS tunneling. You can safely
assume that the Middle East will be no different.
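To make the "not inspected" point concrete from the defender's side, here is an added example (not code from the article or from Infoblox) that scans constructed DNS query-log lines for the shape exfiltration traffic tends to take: many distinct subdomains under one domain, each carrying a long, random-looking label. The log line format, the thresholds and the domain names are assumptions made for this example.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not from the article). The line format
# "<timestamp> <client-ip> <qtype> <qname>" is an assumption for this example.
SAMPLE_LOG = """\
2016-03-01T09:00:01 10.1.2.3 A www.example.com.
2016-03-01T09:00:02 10.1.2.3 A mail.example.com.
2016-03-01T09:00:03 10.1.2.4 TXT 8c4f9a2be71d03f6e5b2a9c4d7e1f0a3.p1.exfil-test.invalid.
2016-03-01T09:00:04 10.1.2.4 TXT 1f2e3d4c5b6a79880716253443526170.p2.exfil-test.invalid.
2016-03-01T09:00:05 10.1.2.4 TXT a1b2c3d4e5f60718293a4b5c6d7e8f90.p3.exfil-test.invalid.
2016-03-01T09:00:06 10.1.2.3 A cdn.example.com.
"""

def shannon_entropy(s):
    """Bits per character; encoded or encrypted data scores near its alphabet's maximum."""
    n = len(s)
    probs = [s.count(ch) / n for ch in set(s)] if n else []
    return -sum(p * math.log2(p) for p in probs)

def registered_domain(qname):
    """Crude two-label registered domain (assumption: no public-suffix handling)."""
    return ".".join(qname.split(".")[-2:])

def find_suspicious_domains(log_text, max_label=30, min_entropy=3.5, min_unique=3):
    """Return {domain: (high_entropy_labels, distinct_subdomains)} for domains that get
    many distinct subdomains whose leftmost label is long and random-looking."""
    subdomains = defaultdict(set)
    high_entropy = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the scan
        qname = parts[3].rstrip(".").lower()
        domain = registered_domain(qname)
        sub = qname[: -len(domain) - 1] if qname != domain else ""
        subdomains[domain].add(sub)
        first = sub.split(".")[0]  # leftmost label is where a data chunk would sit
        if len(first) > max_label and shannon_entropy(first) >= min_entropy:
            high_entropy[domain] += 1
    return {
        d: (high_entropy[d], len(subs))
        for d, subs in subdomains.items()
        if high_entropy[d] and len(subs) >= min_unique
    }

if __name__ == "__main__":
    for domain, (labels, subs) in find_suspicious_domains(SAMPLE_LOG).items():
        print(f"{domain}: {labels} high-entropy labels over {subs} distinct subdomains")
```

Ordinary hostnames such as www or mail stay below both thresholds, so only the domain receiving a stream of long, high-entropy labels is reported; in practice the same heuristic is run against the resolver's query logs, where the firewall and IDS never looked.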

46 Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
