2nd September, 2019
1 Min read
Book a Demo
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
Reduce your AWS costs by over 50%
Discover your Cloud Saving Potential – Answer just 5 simple questions. AppsFlyer, Playtika, Lufthansa, IBM, top leading companies are already using our FinOps services.
A new credential-theft attack campaign is using DNS to exfiltrate data. The campaign, which uses an illicit SSH client to gather the credentials, sends the purloined data to a pair of command-and-control (C2) servers.
Researchers at Alert Logic have found activity from this campaign dating back to August 9. In the attack, the malicious SSH client captures login credentials and sends the data to the C2 server as part of a DNS query, not likely to be automatically stopped by standard network protection systems.
Read more: Dark Reading
Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.