Malware Threats Rise: How Hackers Use DNS Records for Concealed Attacks
Malware Attacks Using DNS Records
Malware threats characterized by hackers utilizing DNS records for concealed attacks are escalating. This malicious practice allows harmful scripts to fetch binary files seamlessly, circumventing traditional security measures like antivirus software.
How Does This Work?
- The binary files are encoded in hexadecimal format, which is then divided into chunks.
- Each chunk is stored within the DNS records of various subdomains.
- Malicious actors can retrieve these chunks through standard DNS requests, making detection difficult.
Challenges in Cybersecurity
Cybersecurity poses challenges with the proliferation of encrypted DNS lookups such as DNS over HTTPS (DOH) and DNS over TLS (DOT). These technologies complicate the identification of malicious DNS traffic.
Expert Opinions
- Ian Campbell from DomainTools emphasizes that even sophisticated organizations struggle to differentiate between authentic and anomalous DNS requests.
- DomainTools reported on similar tactics, including the use of PowerShell scripts embedded in DNS records.
- Additionally, vulnerabilities in AI chatbots through prompt injections were identified in DNS entries.
The threat landscape is evolving, necessitating improved security measures against such innovative tactics.
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.