"Air-Gapped Networks Vulnerable to DNS Attacks"

Researchers from the security firm Pentera discovered that common misconfigurations in how the Domain Name System (DNS) is implemented in an enterprise environment can put air-gapped networks, and the high-value assets they are designed to protect, at risk of external attacks. Organizations whose air-gapped networks are connected to DNS servers may inadvertently expose those assets to threat actors, potentially resulting in high-impact data breaches. According to the researchers, attackers can use DNS as a command-and-control (C2) channel, communicating with these networks through DNS servers that are connected to the Internet, and so breach them even when the organization believes the network has been fully isolated. Air-gapped networks are separated from the general user network and have no Internet access. They are designed to protect an organization's high-value assets, with access provided through a Virtual Private Network (VPN), a Secure Sockets Layer VPN (SSL VPN), or the users' network via a jump box. These networks still require DNS services, which assign names to systems for network discovery. If administrators do not configure DNS carefully, this dependency becomes a vulnerability: by abusing DNS, attackers gain a stable communication line into an air-gapped network and can exfiltrate sensitive data while appearing entirely legitimate to the organization's security controls. This article continues to discuss DNS as a highly misconfigurable protocol, how threat actors can use it to break an air gap, and how to mitigate DNS attacks on air-gapped networks.
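
The summary above notes that an air-gapped segment still depends on DNS and that the resolver serving it may be reachable from the Internet. A practical mitigation is to treat that segment's DNS traffic as an allow-list problem and to review resolver logs for the indicators a covert DNS channel leaves behind. The following Python example is an added illustration written for this page; it is not code from Pentera or Dark Reading. The log format, the `corp.internal` allow-listed zone, the `cdn-sync.example.net` lookups and all client addresses are constructed for the example, and the thresholds are assumptions tuned to this sample rather than recommended values.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of resolver query logs for an air-gapped segment.
# Hypothetical format: "<client_ip> <qtype> <qname>". No real hosts or domains.
SAMPLE_LOG = """\
10.50.1.12 A fileserver01.corp.internal
10.50.1.12 A printer-03.corp.internal
10.50.1.12 A fileserver01.corp.internal
10.50.1.20 TXT 9f3b1c7e2a5d8046.b13e7a2c9d05f4e8.cdn-sync.example.net
10.50.1.20 TXT a7c3e19f5b2d8e04.0d6f2b9a1c4e7358.cdn-sync.example.net
10.50.1.20 TXT e9b1a3c8d4f2e0a1b7c6d5e4f3a2b1c0.cdn-sync.example.net
10.50.1.20 TXT 7a9c2b4e6d8f0a1b3c5d7e9f1a2b3c4d.cdn-sync.example.net
10.50.1.33 A timeserver.corp.internal
"""

# The only zones an isolated segment should ever need to resolve (assumed).
ALLOWED_ZONES = ("corp.internal",)
# Heuristic thresholds chosen for this sample; a real deployment baselines its own traffic.
MAX_LABEL_LEN = 24
ENTROPY_THRESHOLD = 3.5
MIN_QUERIES_PER_DOMAIN = 3
SUSPICIOUS_QTYPES = {"TXT", "NULL"}


def shannon_entropy(s):
    """Bits per character; encoded payload chunks score higher than plain hostnames."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def in_allowed_zone(qname):
    """True only if qname is exactly an allowed zone or a name beneath one."""
    return any(qname == z or qname.endswith("." + z) for z in ALLOWED_ZONES)


def registered_domain(qname, depth=2):
    """Crude grouping key: the last `depth` labels (no public-suffix list used)."""
    return ".".join(qname.rstrip(".").split(".")[-depth:])


def analyse(log_text):
    """Return {domain: {"clients": set, "queries": int, "reasons": set}} for
    every domain that accumulates at least two independent indicators."""
    per_domain = defaultdict(lambda: {"clients": set(), "queries": 0, "reasons": set()})
    for raw in log_text.strip().splitlines():
        client, qtype, qname = raw.split()
        qname = qname.lower()
        rec = per_domain[registered_domain(qname)]
        rec["clients"].add(client)
        rec["queries"] += 1
        first_label = qname.split(".")[0]
        # Strongest signal for an isolated segment: a name it has no reason to resolve.
        if not in_allowed_zone(qname):
            rec["reasons"].add("outside allowed zones")
        # Record types that carry arbitrary data in the answer.
        if qtype.upper() in SUSPICIOUS_QTYPES:
            rec["reasons"].add("payload-capable record type")
        # Long or high-entropy leftmost labels are typical of data encoded into names.
        if len(first_label) > MAX_LABEL_LEN:
            rec["reasons"].add("long leftmost label")
        if shannon_entropy(first_label) > ENTROPY_THRESHOLD:
            rec["reasons"].add("high-entropy leftmost label")
    for rec in per_domain.values():
        if rec["queries"] >= MIN_QUERIES_PER_DOMAIN and "outside allowed zones" in rec["reasons"]:
            rec["reasons"].add("repeated external lookups")
    return {d: r for d, r in per_domain.items() if len(r["reasons"]) >= 2}


if __name__ == "__main__":
    for domain, rec in analyse(SAMPLE_LOG).items():
        print(f"{domain}: {rec['queries']} queries from {sorted(rec['clients'])}")
        for reason in sorted(rec["reasons"]):
            print(f"  - {reason}")
```

Two design points matter in practice. Ordinary hostnames such as `fileserver01` already score close to 3 bits of entropy per character because they contain many distinct letters, so entropy on its own is a weak indicator; the example therefore requires at least two independent signals before reporting a domain. Second, the zone allow-list is the control that actually matches the air-gap design: an isolated segment has no legitimate reason to resolve external names, so any such lookup from it is worth investigating regardless of how the name is shaped.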

Dark Reading reports "Air-Gapped Networks Vulnerable to DNS Attacks"

Submitted by Anonymous on