DNS servers are key to the functioning of the Internet: they are the doors that help us find the website we want to visit from among the millions of addresses on the network. However, any failure of these platforms can lead to chaos, as happened last month when services for important sites in Spain and abroad went down due to an error at one of the worldwide providers.
This time, Google and Amazon managed to patch the security flaw on their servers before the consequences became really serious. The two companies, which provide DNS services to businesses and governments, patched the flaw in time thanks to security researchers.
Shir Tamari and Ami Luttwak, of Wiz, explained at the Red Hat conference how they discovered this vulnerability in the DNS servers of Amazon Web Services and Google Cloud Platform, and how much confidential information could have been exposed to cybercriminal and espionage groups.
How does DNS work?
Each web page has an IP (Internet Protocol) address, a kind of unique license plate consisting of a string of four or six numbers separated by periods. Users look up the page by its generic, easy-to-remember name, for example elespañol.com. The DNS server is responsible for translating this name into an IP address so that the browser can open the website correctly and not get lost in the vastness of the network.
Setting up a domain or DNS server is not very complicated, but many companies prefer to use a provider such as Google Cloud Platform or Amazon Web Services. The provider takes care of maintenance and system security audits, which frees companies from these tasks.
This way, when an employee wants to visit a web page, they must connect to an intranet application so that their computer queries the other company's DNS server to get the IP address they intend to reach. The process is simple and quick, but it does involve exchanging confidential information, which can be very attractive to hackers, as this case shows.
Wiz researchers explained to Recorded Future that, thanks to the discovery of this vulnerability, they were able to gain access to the internal network of the servers. While they weren't able to directly track the companies' traffic, they were able to identify the companies that use these servers and collect internal data from each one.
In their research, they collected information from 15,000 organizations, including 130 government agencies and some Fortune 500 companies. The exposed data ranged from internal IP addresses to employee names. For Tamari and Luttwak, this volume of data is a "gold mine for intelligence".
With it, an attacker can determine the internal structure of any company and design highly accurate computer attacks. And not only hacker groups: espionage teams could also learn which companies deal with hostile countries. Wiz's team even discovered companies that had violated US Treasury Office of Foreign Assets Control regulations in this way.
The bug has been fixed
After the researchers' warning, both Amazon and Google released updates to fix the security flaw. Google confirmed to Recorded Future that they "have not seen any evidence of malicious abuse on their platform." For its part, Amazon did not respond to this question.
They are not the only providers who can be affected. Wiz asserts that dozens of companies offering the same service could be vulnerable to the same security flaw. The problem is a big one, as Wiz describes it, because it originates from a default setting on Microsoft Windows servers that allows DNS traffic to leave the local network and reach the Internet.
If companies disable this feature in dynamic DNS updates, as Microsoft suggested, it would be difficult for third-party organizations and hackers to exploit these vulnerabilities.
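A defender can check whether dynamic DNS updates are leaving the local network by inspecting DNS messages captured at the network edge. The following Python code is an added example, not code from the article or from Wiz: it parses a raw DNS message, recognises dynamic update requests (opcode 5 in RFC 2136) sent to a destination outside the internal ranges, and lists the host names and IPv4 addresses being registered. The function names, the choice of the RFC 1918 ranges as "internal" and the sample message are assumptions made for the example.

```python
import ipaddress
import struct

OPCODE_UPDATE = 5  # RFC 2136 dynamic update opcode
INTERNAL_NETS = [ipaddress.ip_network(n)  # assumption: RFC 1918 ranges are "internal"
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def read_name(msg, off):
    """Decode the DNS name at off, following compression; return (name, next_off)."""
    labels, end, hops = [], None, 0
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii", "replace"))
        off += 1 + msg[off]
    return ".".join(labels), (off + 1 if end is None else end)

def inspect_update(msg, dst_ip):
    """Return a finding if msg is a dynamic update request leaving the internal ranges."""
    if len(msg) < 12 or any(ipaddress.ip_address(dst_ip) in n for n in INTERNAL_NETS):
        return None
    _id, flags, zocount, prcount, upcount, _ad = struct.unpack("!6H", msg[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF != OPCODE_UPDATE:
        return None  # a response, or not an UPDATE message
    off, zone, records = 12, None, []
    for _ in range(zocount):  # zone section: name, type, class
        zone, off = read_name(msg, off)
        off += 4
    for i in range(prcount + upcount):  # prerequisite RRs, then update RRs
        name, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if i >= prcount and rtype == 1 and rdlen == 4:  # A record being registered
            records.append((name, str(ipaddress.ip_address(rdata))))
    return {"zone": zone, "dst": dst_ip, "records": records}

def enc_name(name):  # helper used only to build the constructed sample
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

# Constructed sample: host ws-042 registering 10.20.30.40 in zone corp.example
SAMPLE = (struct.pack("!6H", 0x1234, OPCODE_UPDATE << 11, 1, 0, 1, 0)
          + enc_name("corp.example") + struct.pack("!HH", 6, 1)
          + enc_name("ws-042.corp.example")
          + struct.pack("!HHIH", 1, 1, 1200, 4) + bytes([10, 20, 30, 40]))
```

Any finding returned for a destination outside the organisation's own address space means an endpoint is sending its host name and internal address to an external DNS server.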