Cybercriminals have adopted a highly intricate technique known as DNS tunnelling to carry out malicious activities such as tracking victims and scanning network vulnerabilities, posing a significant threat to cybersecurity. DNS tunnelling involves the encoding of data or commands within DNS queries, effectively transforming DNS into a covert communication channel, which can be challenging for traditional security measures to detect.
Hackers leverage various encoding methods, such as Base16 or Base64, to conceal their digital footprints within DNS records, including TXT, MX, CNAME, and Address records. This covert communication method allows them to bypass network firewalls and filters, using it for command and control operations and VPN activities, thereby upgrading their ability to evade detection by security tools.
The Palo Alto Networks’ Unit 42 security research team has recently exposed two distinct campaigns that exploit DNS tunnelling for malicious purposes. The first campaign, dubbed “TrkCdn,” focuses on tracking victim interactions with phishing emails, enabling attackers to evaluate their strategies and confirm the delivery of malicious payloads. Additionally, a similar campaign named “SpamTracker” utilises DNS tunnelling to track the delivery of spam messages, highlighting the versatility of this technique in cybercriminal operations.
Furthermore, the second campaign, identified as “SecShow,” employs DNS tunnelling for network scanning purposes. Attackers embed IP addresses and timestamps into DNS queries to map out network layouts and iden
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.