The Domain Name System, or DNS, is the protocol that translates human-friendly domain names, such as paloaltonetworks.com, into machine-friendly IP addresses, such as 18.104.22.168. Cybercriminals know that DNS is widely used and trusted. Furthermore, because DNS is not intended for data transfer, many organizations don’t monitor their DNS traffic for malicious activity. As a result, several types of DNS-based attacks can be effective if launched against company networks. DNS tunneling is one such attack.
How DNS Tunneling Works
DNS tunneling exploits the DNS protocol to tunnel malware and other data through a client-server model.
DNS tunneling has been around for almost 20 years. Both the Morto and Feederbot malware have been used for DNS tunneling. Recent tunneling attacks include those from the threat group DarkHydrus, which targeted government entities in the Middle East in 2018, and OilRig, which has been operating since 2016 and is still active.
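The monitoring gap described above can be narrowed with simple heuristics over DNS query logs. The following Python is an added example, not code from the original article or any product: it flags client and parent-domain pairs that show many unique, long, high-entropy subdomains, a pattern typical of data encoded into query names. The log format, sample data, domain names and thresholds are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log of (client_ip, queried_name); not real traffic.
# The long labels imitate encoded data chunks sent under one parent domain.
CHUNKS = ["mzxw6ytboi2gk3tfon2ca2ltebqxg5dsnfxgo", "orugs4zanfzsa5dfon2ca3lfonzwcz3f",
          "nbswy3dpeb3w64tmmqqho2lunbqxg5a", "kryxizlsnfxgoidjnzzxi4tjnztsa3tp",
          "ifxgi5dsnfxgoidtmvrxezlueb2gk6du", "mfrggzdfmztwq2lknnwg23tpobyxe43u"]
SAMPLE_QUERIES = [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com"),
                  ("10.0.0.7", "cdn.example.org")]
SAMPLE_QUERIES += [("10.0.0.9", f"{c}.t.tunnel-demo.test") for c in CHUNKS]

def shannon_entropy(s):
    """Bits per character; encoded payloads score higher than ordinary hostnames."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parent_domain(name, labels=2):
    # Assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])

def score_queries(queries, min_unique=5, min_avg_len=24, min_entropy=3.5):
    """Return {(client, parent): stats} for pairs exceeding all three thresholds.
    The thresholds are illustrative and need tuning against real baseline traffic."""
    seen = defaultdict(set)
    for client, name in queries:
        name = name.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")   # everything left of the parent
        if sub:
            seen[(client, parent)].add(sub)
    findings = {}
    for key, subs in seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(shannon_entropy, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            findings[key] = {"unique": len(subs), "avg_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2)}
    return findings

if __name__ == "__main__":
    for (client, parent), stats in score_queries(SAMPLE_QUERIES).items():
        print(f"review {client} -> *.{parent}: {stats}")
```

Content delivery networks and some security products also generate long, random-looking subdomains, so findings are leads for review and allow-listing rather than verdicts.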