The Bottom Line Upfront

Hackers are leveraging DNS tunneling techniques to scan for network vulnerabilities and monitor the success of phishing campaigns, according to new research from Palo Alto Networks.

The Breakdown

  • DNS tunneling allows hackers to hide malicious traffic within DNS packets, enabling them to exfiltrate stolen data or deliver malware undetected. In addition, attackers are using DNS tunneling to track victim activities related to spam and phishing emails.
  • By embedding information into unique subdomains of DNS queries, hackers can monitor and log victims' interactions.
  • This technique has been observed in campaigns such as "TrkCdn" and "SpamTracker."
  • Furthermore, DNS tunneling is being used to perform network infrastructure scans, potentially leading to denial-of-service attacks, data theft, or malware installation.
  • DNS tunneling is an increasingly popular technique used by threat actors to bypass security filters and carry out malicious activities. By understanding how hackers exploit DNS tunneling, network defenders can take proactive measures to protect their infrastructure and mitigate potential damage.
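
A defender-side illustration of the point about unique subdomains, added here as an example and not taken from the Palo Alto Networks research: it groups logged query names by parent domain and flags parents that receive many distinct, long, high-entropy subdomains. The thresholds, the two-label parent rule and all sample names are assumptions constructed for this example.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def flag_tunneling_candidates(qnames, min_unique=5, min_mean_len=20,
                              min_mean_entropy=3.0):
    """Return {parent_domain: stats} for domains whose subdomains look encoded."""
    subs = defaultdict(set)
    for q in qnames:
        labels = q.rstrip(".").lower().split(".")
        # Assumption: the registered domain is the last two labels; real
        # deployments should use a public-suffix list.
        parent, prefix = ".".join(labels[-2:]), ".".join(labels[:-2])
        if prefix:  # skip bare domains and single-label names
            subs[parent].add(prefix)
    flagged = {}
    for parent, prefixes in subs.items():
        mean_len = sum(map(len, prefixes)) / len(prefixes)
        mean_ent = sum(map(shannon_entropy, prefixes)) / len(prefixes)
        if (len(prefixes) >= min_unique and mean_len >= min_mean_len
                and mean_ent >= min_mean_entropy):
            flagged[parent] = {"unique": len(prefixes),
                               "mean_len": round(mean_len, 1),
                               "mean_entropy": round(mean_ent, 2)}
    return flagged

# Constructed sample query names (placeholders, not observed indicators).
ENCODED = ["k3f9x2q7m1z8b4t6w0c5h9v2", "p8d1n6y3r0g5j2s7a4u9e1l6",
           "z7c2m9k4x1b6v3q8w5t0f2h7", "a1s2d3f4g5h6j7k8l9q0w1e2",
           "m4n8b2v6c0x3z7l1k5j9h2g6", "t9r3e7w1q5y2u6i0o4p8a3s7"]
SAMPLE_QUERIES = (
    [f"{label}.tracker.example" for label in ENCODED]
    + [ENCODED[0].upper() + ".TRACKER.EXAMPLE."]  # repeat; counted once
    + [f"{h}.example.com" for h in ("www", "mail", "api", "cdn", "static", "login")]
    + ["d1a2b3c4e5f6g7h8i9j0klmn.cdn.example"]  # one long label alone is not enough
)

if __name__ == "__main__":
    for domain, stats in flag_tunneling_candidates(SAMPLE_QUERIES).items():
        print(domain, stats)
```

Legitimate services such as CDNs and anti-malware lookups also generate long random-looking labels, so hits from a heuristic like this are candidates for review rather than verdicts.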