The Prevalence of DarkComet in Dynamic DNS

Threat Intelligence Report

Date: August 6, 2024

Prepared by: David Brunsdon, Threat Intelligence – Security Engineer, HYAS

Dynamic DNS (DDNS) is a service in which a client on the host pushes its current IP address to the DNS provider, so the domain's record is updated in near real time as the address changes. Unlike traditional static DNS, where the IP address associated with a domain remains constant, dynamic DNS allows the association between a domain and an IP address to be updated frequently. This capability is particularly useful for devices or networks with frequently changing IP addresses, such as home networks, small businesses, or mobile devices.

Dynamic DNS services are widely used for legitimate purposes, including remote access to home networks, managing internet-connected devices, and enabling consistent access to websites or services hosted on networks with dynamic IP addresses. However, the same features that make dynamic DNS useful for legitimate users can also be exploited by threat actors for malicious purposes.
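The same "updated frequently" property that makes dynamic DNS useful also gives a defender something to measure: a domain whose resolved IP keeps changing within a short window is worth a second look, and blocking it by name rather than by IP is what actually holds. The following Python is an added example written for this page, not code from the HYAS report. It assumes a simple resolver log format (one answer per line), an illustrative list of dynamic DNS zone suffixes, and churn thresholds; all three are assumptions, and the log lines are constructed.

```python
"""Flag domains whose resolved IP keeps changing, as seen in resolver logs.

Constructed sample log lines and an assumed log format; the DDNS suffix
list and thresholds are illustrative assumptions, not from the report.
"""
from collections import defaultdict
from datetime import datetime, timezone
import re

# Assumed log format (one resolver answer per line); not a real product's format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) qname=(?P<qname>\S+) "
    r"rcode=(?P<rcode>\S+)(?: answer=(?P<answer>\S+))?$"
)

# Illustrative zone suffixes for dynamic DNS providers (assumption; a real
# deployment would load a curated, maintained list).
DDNS_SUFFIXES = ("example-ddns.net", "ddns-example.org")

# Constructed sample: one host resolves a DDNS name that moves between addresses.
SAMPLE_LOG = """\
2024-08-01T10:00:00Z client=10.0.0.5 qname=www.example.com rcode=NOERROR answer=198.51.100.7
2024-08-01T10:05:00Z client=10.0.0.5 qname=c2host.example-ddns.net rcode=NOERROR answer=203.0.113.10
2024-08-01T11:05:00Z client=10.0.0.5 qname=c2host.example-ddns.net rcode=NOERROR answer=203.0.113.10
2024-08-01T12:10:00Z client=10.0.0.5 qname=c2host.example-ddns.net rcode=NOERROR answer=198.51.100.44
2024-08-01T13:20:00Z client=10.0.0.5 qname=c2host.example-ddns.net rcode=NOERROR answer=192.0.2.99
2024-08-01T14:00:00Z client=10.0.0.5 qname=c2host.example-ddns.net rcode=NXDOMAIN
2024-08-01T15:30:00Z client=10.0.0.5 qname=c2host.example-ddns.net rcode=NOERROR answer=203.0.113.10
2024-08-01T16:00:00Z client=10.0.0.7 qname=www.example.com rcode=NOERROR answer=198.51.100.7
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def is_ddns_name(qname):
    """True if the name sits under one of the assumed dynamic DNS zones."""
    q = qname.lower().rstrip(".")
    return any(q == s or q.endswith("." + s) for s in DDNS_SUFFIXES)


def summarize(lines):
    """Per qname: time-ordered list of (ts, answer), skipping unanswered queries."""
    history = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["answer"]:
            history[rec["qname"]].append((rec["ts"], rec["answer"]))
    for h in history.values():
        h.sort()
    return history


def ip_changes(answers):
    """Count how many times the resolved IP differs from the previous answer."""
    changes = 0
    for (_, prev), (_, cur) in zip(answers, answers[1:]):
        if prev != cur:
            changes += 1
    return changes


def find_churning_domains(lines, min_changes=2, max_hours=24):
    """Return {qname: finding} for names whose IP changed at least min_changes
    times within max_hours; the DDNS-suffix match is reported as context."""
    findings = {}
    for qname, answers in summarize(lines).items():
        span_h = (answers[-1][0] - answers[0][0]).total_seconds() / 3600
        changes = ip_changes(answers)
        if changes >= min_changes and span_h <= max_hours:
            findings[qname] = {
                "changes": changes,
                "distinct_ips": sorted({ip for _, ip in answers}),
                "ddns_suffix": is_ddns_name(qname),
                "span_hours": round(span_h, 2),
            }
    return findings


if __name__ == "__main__":
    for name, f in find_churning_domains(SAMPLE_LOG.splitlines()).items():
        print(f"{name}: {f['changes']} IP changes over {f['span_hours']}h, "
              f"ips={f['distinct_ips']}, ddns_suffix={f['ddns_suffix']}")
```

The suffix match is deliberately kept as context rather than a trigger: plenty of legitimate hosts live under dynamic DNS zones, so the churn count does the flagging and the suffix tells the analyst why a domain-based block, not an IP-based one, is the appropriate response.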

Using dynamic DNS for command and control (C2) infrastructure in cyberattacks offers several benefits for threat actors, including:

  1. Easy Access to a Domain Name: Registering a domain at a traditional registrar requires providing personal information and usually a credit card number, which is undesirable when trying to hide one's identity.
  2. Evasion of IP-based Blocking: Dynamic DNS allows attackers to frequently change the IP address associated with their C2 domain. This makes it harder for defenders to block C2 traffic based solely on IP addresses, as the domain can resolve to different IPs over time.
  3. Persistence and Resilience: By using dynamic DNS, attackers can maintain control over their C2 infrastructure even if specific IP addresses are taken down or blacklisted. They can simply update the DNS records to point to a new IP address, ensuring continuous communication with their malware.
  4. Global Reach: Dynamic DNS services often have servers and points of presence worldwide, enabl

[…]

This article has been indexed from Security Boulevard.