May 24, 2021

How the NAME:WRECK Bug Impacts Millions of Devices

There are many known cyberattacks that can cause your network to crash. You can lose important or confidential information, or even have your files encrypted until you pay a ransom to regain access to them (ransomware). New attacks keep appearing as attackers (often called hackers) find new vulnerabilities, especially through DNS.

A group of security researchers (Forescout) has found a series of flaws affecting the implementation of the DNS protocol on at least 100 million internet-connected devices, ranging from smartphones and computers to aircraft navigation systems.

So, attackers are taking advantage of the flaws mentioned above to execute denial-of-service or remote code execution attacks.

To begin with, what exactly is DNS?

DNS stands for Domain Name System and it’s a protocol that translates human-readable domain names (like www.google.com) to machine-readable IP addresses (like 192.167.2.4).

For instance, when you enter a domain name on your browser, your request is sent to a DNS server which checks the request, checks if it knows the address for your domain name and then sends the IP address back if it knows it. If it doesn’t, it sends the request to another DNS server and so on.

Being aware of this, attackers can get in the middle, provide a fake or malicious IP address, get the user to download malicious software or a virus, and start the attack.

There is, however, some mitigation information that security engineers can use to develop signatures that detect DNS vulnerabilities:

  • Discover and inventory devices running the vulnerable stacks.

  • Enforce segmentation controls and proper network hygiene.

  • Monitor progressive patches released by affected device vendors.

  • Configure devices to rely on internal DNS servers.

  • Monitor all network traffic for malicious packets.

(From Forescout)
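The inventory, internal-DNS and traffic-monitoring items above can be combined into one check. The following is an added example, not code from Forescout or from this article: it scans flow records for inventoried devices that send DNS traffic to servers other than the approved internal resolvers. The resolver addresses, device inventory, record layout and sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed policy: the only DNS servers devices may use (constructed values).
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53"),
                      ipaddress.ip_address("10.0.1.53")}
# Assumed inventory of devices running a vulnerable stack (constructed values).
INVENTORY = {"10.20.0.11": "hvac-controller", "10.20.0.12": "badge-reader"}

# Constructed flow records: "timestamp src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
2021-05-24T10:00:01Z 10.20.0.11 10.0.0.53 udp 53
2021-05-24T10:00:02Z 10.20.0.12 203.0.113.7 udp 53
2021-05-24T10:00:03Z 10.20.0.12 203.0.113.7 tcp 53
2021-05-24T10:00:04Z 10.20.0.11 198.51.100.9 tcp 443
2021-05-24T10:00:05Z 10.30.0.5 203.0.113.7 udp 53
malformed line
"""

def find_external_dns(flow_text, resolvers=INTERNAL_RESOLVERS, inventory=INVENTORY):
    """Return {device_ip: sorted non-approved DNS servers that device contacted}."""
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip records that do not match the expected layout
        _, src, dst, proto, port = fields
        if proto not in ("udp", "tcp") or port != "53":
            continue  # not DNS traffic
        try:
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        # Only inventoried devices are reported; others are out of scope here.
        if src in inventory and dst_ip not in resolvers:
            findings[src].add(str(dst_ip))
    return {src: sorted(dsts) for src, dsts in findings.items()}

if __name__ == "__main__":
    for src, servers in find_external_dns(SAMPLE_FLOWS).items():
        print(f"{INVENTORY[src]} ({src}) used non-approved DNS servers: "
              f"{', '.join(servers)}")
```

A finding means the device is either misconfigured or receiving DNS settings from somewhere other than the internal servers, so it should be corrected or segmented until a vendor patch is applied.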

It’s always important to keep your network secure and out of reach from the attackers and the best way to keep it protected is to have a firewall as the first line of defense.

Don’t know what a firewall is? Check our article about Firewalls 

Article written by: Giuseff Rivas.