Companies actively support hackers
in attacking their own infrastructure
Picture Gerd Altmann auf Pixabay
Imagine homeowners providing all passers-by with burglary instructions for their own homes and displaying street maps with ideal victim addresses.
This is exactly what companies in Germany are doing.
The reasons for this lie in the history of the Internet.
What do these burglary instructions look like?
The table of contents for these burglary instructions is called Domain Name System, or DNS for short. DNS dates back to the early years of the Internet and was designed by Paul Mockapetris in 1983 and has been an indispensable part of the Internet ever since. The DNS is a hierarchical directory service distributed on thousands of servers worldwide that manages the Internet's namespace.
Just like street directories that show burglars the way to their victim, DNS not only indicate which IP address belongs to a domain name, but they also point the way for modern burglars.
With the help of DNS, hackers learn an enormous amount of details about the organization of their victims.
Without DNS, hackers would have to visit and analyze all IP addresses, after all, 4,294,967,296 (!!) IPv4 addresses and 340 sextillion (!!) IPv6 addresses. This is also a costly affair for modern data processing systems.
With the help of the abbreviation DNS, an attacker gets an enormous amount of clues about the IP addresses used in a company. Strictly speaking, these addresses are recorded there with further information such as Internet domain names but also speaking names of e.g. test systems or servers, which contain information about the authorization of employees, are recorded for everyone to see. This information is usually not visible to a normal user and is usually irrelevant for the use of the provided services.
This is an invitation for the bad guys!
To hackers, this information sounds like personal invitations to a birthday party. Once the guests at the party are chatty, they give the attackers more information about potential vulnerabilities in the host's home.
This includes information about API's interfaces to third party systems but also information about production and test systems related to revenue, sales and budget information, investments, directories of image data and much, much more.
From this table of contents, attackers scan the offered IP addresses. The scans can range from simple pings (ICMP requests and responses) to more sophisticated scans that can uncover host software/versions and network artifacts. The information from these scans can reveal opportunities for other forms of reconnaissance (e.g., searching open websites/domains or searching open technical databases), operational resource building (e.g., developing capabilities or obtaining capabilities), and/or initial access (e.g., External Remote Services).
What can companies do about it?
JOUO's first step is to show the extent of the information that your organization is carelessly providing and the potential for individual risk. JOUO also shows potential security vulnerabilities of the servers listed in the DNS.
With the help of JOUO we develop a concept with you, how you can hide this data in the future from the prying eyes of attackers, but also from your competition.