Return of the Dinosaurs: Why hackers still use DNS tunneling

Carding

Until AI and machine-learning defenses mature, the old methods are still in play.

According to a recent report by Check Point, cybercriminals still quite often use DNS tunneling in their attacks, an old technique that is widely regarded as a relic of the early days of the Internet.

DNS tunneling is a technique for moving data between computers over the Domain Name System (DNS). Normally, DNS translates domain names (for example, example.com) into IP addresses so that a network connection can be established. An attacker, however, can encode commands or stolen data into the labels of queries for a domain whose authoritative name server they control, and carry replies back in that server's responses. Because the victim's local resolver forwards those queries on the host's behalf, the data leaves the network without any direct connection to the attacker, and it slips past detection methods that do not inspect DNS.

Although many attackers long ago moved to more sophisticated methods, such as steganography and command traffic hidden inside encrypted HTTP, DNS tunneling has not disappeared.

According to Check Point Research, the technique is still in active use, for example in attacks involving the CoinLoader malware loader, first discovered by Avira in 2019.

According to Check Point Research, DNS tunneling remains in the criminal arsenal despite its apparently archaic nature because it offers several advantages:
  • First, carrying commands and data inside DNS traffic hides them from detection systems that are tuned to inspect other protocols.
  • Second, DNS is usually allowed out even where firewalls and proxies restrict other traffic, because hosts need name resolution to function at all.
  • Third, DNS tunneling can serve as a fallback channel to command-and-control servers when the primary channels are blocked.

Thus, despite the arrival of more advanced techniques, DNS tunneling remains attractive to attackers because it is simple to implement and still gets past many controls.

Check Point's researchers propose fighting DNS abuse with machine learning and artificial intelligence. Their new DeepDNS technology applies these techniques to large volumes of DNS traffic in order to search for anomalies.

Unlike traditional methods that rely on matching queries against reputation lists of known-bad domains, DeepDNS is designed to recognize complex patterns that indicate tunneling attempts and other abuse of the DNS protocol. Because it is trained on real-world data, the system is intended to detect new, previously unseen attack patterns.
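As an added example (not code from the article, from Check Point, or from CoinLoader), the following Python shows both halves of the problem described above: how a tunneling client packs data into query names for an attacker-controlled zone, and a simple heuristic detector that aggregates per registered domain over log lines. The zone c2.example, the payload, the log-line format and the thresholds are all assumptions made for this example. The detector is a plain rule-based baseline (label length, character entropy, distinct-subdomain volume), not DeepDNS and not any machine-learning model.

```python
import base64
import math
from collections import defaultdict

# Constructed attacker-controlled zone and payload; both are assumptions for
# this example, not identifiers from the article.
TUNNEL_ZONE = "c2.example"
CHUNK = 50  # base32 characters per label; a DNS label may hold at most 63 octets
SECRET = b"host=WS-042 user=alice token=ghp_exampleToken0123456789\n"


def encode_to_qnames(data: bytes, zone: str = TUNNEL_ZONE) -> list[str]:
    """Turn an arbitrary byte string into query names <seq>.<base32 chunk>.<zone>.
    Base32 is used rather than base64 because DNS names are case-insensitive and
    resolvers may fold case on the way through."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    n_chunks = math.ceil(len(b32) / CHUNK)
    return [f"{i}.{b32[i * CHUNK:(i + 1) * CHUNK]}.{zone}" for i in range(n_chunks)]


def decode_from_qnames(qnames: list[str]) -> bytes:
    """Reassemble the payload as the attacker's authoritative server would.
    Queries may arrive out of order or be retried, so chunks are keyed by sequence."""
    chunks = {}
    for name in qnames:
        seq, payload, _zone = name.split(".", 2)  # zone itself contains dots
        chunks[int(seq)] = payload
    b32 = "".join(chunks[i] for i in sorted(chunks)).upper()
    b32 += "=" * (-len(b32) % 8)  # restore the padding stripped on encode
    return base64.b32decode(b32)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payloads score far above hostnames."""
    if not s:
        return 0.0
    return -sum((s.count(c) / len(s)) * math.log2(s.count(c) / len(s)) for c in set(s))


def registered_domain(qname: str) -> str:
    # Crude: the last two labels. A real detector should use the Public Suffix
    # List so that names under e.g. co.uk are grouped correctly.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def score_zones(log_lines, max_label=30, min_entropy=3.5, max_unique=20):
    """Aggregate per registered domain and return the zones that look like
    tunnels, with reasons. Each line is '<epoch> <client> <qname> <qtype>',
    a constructed format for this example."""
    stats = defaultdict(lambda: {"queries": 0, "unique": set(), "long": 0, "entropic": 0})
    for line in log_lines:
        _ts, _client, qname, _qtype = line.split()
        zone = registered_domain(qname)
        sub = qname[: -len(zone) - 1] if qname.endswith("." + zone) else ""
        s = stats[zone]
        s["queries"] += 1
        s["unique"].add(sub)
        if any(len(label) > max_label for label in sub.split(".")):
            s["long"] += 1
        if shannon_entropy(sub.replace(".", "")) > min_entropy:
            s["entropic"] += 1

    flagged = {}
    for zone, s in stats.items():
        reasons = []
        if s["long"] / s["queries"] > 0.5:
            reasons.append(f"labels longer than {max_label} chars in {s['long']}/{s['queries']} queries")
        if s["entropic"] / s["queries"] > 0.5:
            reasons.append(f"subdomain entropy above {min_entropy} bits in {s['entropic']}/{s['queries']} queries")
        if len(s["unique"]) > max_unique:
            reasons.append(f"{len(s['unique'])} distinct subdomains")
        if reasons:
            flagged[zone] = reasons
    return flagged


def sample_log() -> list[str]:
    """Constructed DNS log: ordinary lookups from one workstation plus the
    queries a tunneling client would emit to exfiltrate SECRET."""
    benign = [
        "1717000001 10.0.0.5 www.example.com A",
        "1717000002 10.0.0.5 mail.example.com MX",
        "1717000003 10.0.0.5 api.example.com AAAA",
        "1717000004 10.0.0.5 cdn.example.com A",
    ]
    tunnel = [f"17170001{i:02d} 10.0.0.5 {q} TXT"
              for i, q in enumerate(encode_to_qnames(SECRET))]
    return benign + tunnel


if __name__ == "__main__":
    for zone, reasons in score_zones(sample_log()).items():
        print(zone, "->", "; ".join(reasons))
```

In practice the per-query features would be joined with volume over time: a single long, high-entropy label can be a legitimate CDN or telemetry hostname, but thousands of unique ones under one zone from one client in a few minutes is the signature the ML approaches described above are trying to learn.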

According to its developers, in testing the new tool proved highly effective at detecting and blocking attacks that use DNS tunneling. There is, however, not yet enough independent research to assess the technology's capabilities objectively.

Even so, machine learning is a promising tool for security work in general and for spotting DNS tunneling in particular.

To summarize, DNS tunneling should not be overlooked: the advantages listed above keep the technique attractive to attackers despite its age. Security vendors should therefore treat protection against it on a par with defenses against other attack methods.

In turn, the use of advanced technologies, such as AI and machine learning, should help to counter this and other similar threats much more effectively.