A recent spate of damaging DNS-level attacks was promulgated with “terrifying” ease by cybercriminals who leveraged compromised access credentials rather than even having to hack the DNS servers themselves, a DNS expert has warned. One of the interesting things about attacks such as DNSpionage and Sea Turtle, Infoblox executive vice president of engineering, chief DNS architect and senior fellow Cricket Liu recently told CSO Australia, was that “they were actually quite sophisticated attacks inasmuch as they had lots of different options to get the compromised credentials.” “Once they had that access,” he continued, “they stood up those servers as men in the middle and could sit there over an extended period and snoop web and mail traffic – which is kind of terrifying.” DNSpionage was blamed on Iranian state hackers and researchers from Cisco’s Talos concluded “with high confidence” that the Sea Turtle campaign was being run by an “advanced, state-sponsored actor that seeks to obtain persistent access to sensitive networks and systems”.

Read full article on CSO