New Credential-Theft Attack Weaponizes DNS

September 2, 2019 Published in: News Author: Vedran Bozicevic

The recently discovered campaign sends stolen data out of the network as part of a DNS query.

A new credential-theft attack campaign is using DNS to exfiltrate data. The campaign, which uses an illicit SSH client to gather the credentials, sends the purloined data to a pair of command-and-control (C2) servers.

Researchers at Alert Logic have found activity from this campaign dating back to August 9. In the attack, the malicious SSH client captures login credentials and sends the data to the C2 server as part of a DNS query, which standard network protection systems are unlikely to stop automatically.
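The following is an added example, not code from the article or from Alert Logic: a defender-side heuristic that looks for data carried inside DNS query names in resolver logs. The log format, the thresholds and the function names are assumptions, and the sample log lines are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log lines: "timestamp client qtype qname".
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 A www.example.com
2024-01-01T10:00:02Z 10.0.0.5 A mail.example.com
2024-01-01T10:00:03Z 10.0.0.5 A api.example.com
2024-01-01T10:00:04Z 10.0.0.5 A d1a2b3c4e5f60718293a4b5c6d7e8f90.example.org
2024-01-01T10:00:05Z 10.0.0.9 A 0123456789abcdef0123456789abcdef.example.net
2024-01-01T10:00:06Z 10.0.0.9 A fedcba9876543210fedcba9876543210.example.net
2024-01-01T10:00:07Z 10.0.0.9 A 02468ace13579bdf02468ace13579bdf.example.net
"""

MIN_UNIQUE = 3      # distinct subdomains per (client, parent) before we care
MIN_AVG_LEN = 24    # average payload length in characters
MIN_ENTROPY = 3.5   # mean Shannon entropy, bits per character


def shannon_entropy(text):
    """Bits per character of the empirical character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_qname(qname):
    """Naive (payload, parent) split; a real deployment would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])


def find_exfil_candidates(log_text):
    """Return sorted (client, parent_domain) pairs whose queries look like encoded data."""
    payloads = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, qname = fields
        payload, parent = split_qname(qname)
        if payload:
            payloads[(client, parent)].add(payload)
    flagged = []
    for key, seen in payloads.items():
        avg_len = sum(map(len, seen)) / len(seen)
        avg_entropy = sum(map(shannon_entropy, seen)) / len(seen)
        if len(seen) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN and avg_entropy >= MIN_ENTROPY:
            flagged.append(key)
    return sorted(flagged)
```

Requiring several distinct long, high-entropy names per client and parent domain keeps a single hashed hostname (the `example.org` line) from triggering an alert.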


Read more: Dark Reading
