Security researchers found a new class of DNS vulnerabilities impacting major DNS-as-a-Service (DNSaaS) providers that could allow attackers to access sensitive information from corporate networks.
DNSaaS providers (also known as managed DNS providers) provide DNS renting services to other organizations that do not want to manage and secure yet another network asset on their own.
As revealed at the Black Hat security conference by cloud security firm Wiz researchers Shir Tamari and Ami Luttwak, these DNS flaws provide threat actors with nation-state intelligence harvesting capabilities with a simple domain registration.
From domain name registration to wiretapping traffic indiscriminately The exploitation process is quite simple, as they explained: they registered a domain and used it to hijack a DNSaaS provider’s nameserver (in their case, Amazon Route 53) which enabled them to wiretap on dynamic DNS traffic streaming from Route 53 customers’ networks.
“We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google,” the Wiz researchers said.