Hackers Use DNS Queries to Evade Defenses and Exfiltrate Data
gbhackers
Cybercriminals are increasingly exploiting the Domain Name System (DNS) to bypass corporate security measures and steal sensitive data, according to new research from cybersecurity experts.
This sophisticated technique, known as DNS tunneling, transforms the internet’s essential “phonebook” into a covert communication channel for malicious activities.
DNS tunneling involves encoding data within DNS queries and responses, creating an invisible pathway between attackers and compromised systems.
Because DNS traffic routinely passes through corporate firewalls with minimal inspection, this method allows cybercriminals to conduct command-and-control (C2) operations and data exfiltration while remaining largely undetected, as per a report by Infoblox.
The attack process begins when threat actors gain control of a domain name’s authoritative name server.
Malware installed on victim systems then performs periodic lookups of the controlled domain, receiving encoded instructions through DNS responses.
These communications can trigger various malicious actions, from directory listings to file deletions, all while appearing ...
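The two traits described above (data encoded in query names, and periodic lookups of one controlled domain) can be surfaced from DNS query logs; the following is an added defender-side example, not code from the article or from Infoblox. The log tuple format, the thresholds, the two-label registered-domain rule and the example.org/example.com names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

HEX = "0123456789abcdef"
# Constructed sample log, not real traffic: (epoch seconds, client, query name).
# 10.0.0.9 sends a 40-char hex-like label to example.org every 60 s;
# 10.0.0.5 makes ordinary lookups at irregular times.
SAMPLE_LOG = [
    (1000 + 60 * i, "10.0.0.9",
     "".join(HEX[(i + 5 * j) % 16] for j in range(40)) + ".example.org")
    for i in range(12)
] + [
    (1000, "10.0.0.5", "www.example.com"),
    (1007, "10.0.0.5", "mail.example.com"),
    (1400, "10.0.0.5", "cdn.example.com"),
    (1420, "10.0.0.5", "www.example.com"),
]

def shannon_entropy(s):
    """Bits per character of s."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def registered_domain(qname):
    # Assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def analyze(log, min_unique=10, min_len=30, min_entropy=3.5, max_cv=0.1):
    """Per (client, domain): flag encoded-looking labels and periodic lookups."""
    groups = defaultdict(list)
    for ts, client, qname in log:
        groups[(client, registered_domain(qname))].append((ts, qname))
    report = {}
    for (client, dom), rows in groups.items():
        rows.sort()
        # Everything left of the registered domain, dots removed.
        subs = {q.rstrip(".").lower()[:-len(dom)].replace(".", "") for _, q in rows}
        subs.discard("")  # apex queries carry no subdomain payload
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        # Coefficient of variation of inter-query gaps; near 0 means clockwork.
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 3 and mean(gaps) > 0 else None
        encoded = (len(subs) >= min_unique
                   and mean([len(s) for s in subs]) >= min_len
                   and mean([shannon_entropy(s) for s in subs]) >= min_entropy)
        report[(client, dom)] = {"unique_subdomains": len(subs),
                                 "encoded_labels": encoded,
                                 "periodic": cv is not None and cv <= max_cv}
    return report
```

Neither flag is conclusive alone: CDNs and telemetry services also produce long random-looking labels, and benign agents poll on fixed timers, so the thresholds need tuning against a baseline of the network's own traffic.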
Copyright of this story solely belongs to gbhackers.