Cybersecurity Threat Report for May 21st, 2020

U.S. Center for Internet Security Alert Level

GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.

From the Center for Internet Security, “The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”

NXNSAttack Packet Amplification Recursive DNS Server Vulnerabilities

Briefing

Catalin Cimpanu of Zero Day reports that a vulnerability in DNS-based software may be used to launch a Distributed Denial of Service (DDoS) attack. The vulnerability was discovered by Israeli researchers. What appears to be happening is that a simple DNS query is answered by a malicious DNS server that is part of the recursive DNS chain, and a response that typically contains 2 packets instead contains over 1,600. The spike can crash a victim’s server. This is the gist of the stated DDoS attack, and it is commonly referred to as Packet Amplification (PAF). It sounds as if work has been under way for quite some time to patch DNS servers worldwide. It’s not uncommon for efforts to mitigate a vulnerability to take place before any announcement is made.

CVE-2020-8616, CVE-2020-12662, CVE-2020-10995, and CVE-2020-12667
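
A defender-side check for the amplification pattern described in the briefing, as an added example that is not from the original report or from any of the affected projects: it counts the upstream packets a resolver sent for each client query and flags transactions far above the 2-packet baseline. The log format, the `ALERT_FACTOR` threshold and all names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict

BASELINE_PACKETS = 2   # packets in a typical exchange, per the briefing above
ALERT_FACTOR = 10      # assumed threshold: alert above 10x the baseline

def build_sample_log():
    """Constructed log lines in an assumed format '<txn> <kind> <qname>'.
    CQ = client query, RQ = query the resolver sent upstream for that txn."""
    lines = ["t1 CQ www.shop.example",
             "t1 RQ www.shop.example",
             "t1 RQ ns1.shop.example",
             "t2 CQ a1.odd.example"]
    lines += [f"t2 RQ h{i}.busy.example" for i in range(120)]
    return lines

def zone_of(qname):
    """Crude parent zone: the last two labels (enough for this sample)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def find_amplified(lines, factor=ALERT_FACTOR):
    """Return alerts for transactions whose upstream packet count exceeds
    factor * BASELINE_PACKETS, with the zone that absorbed most of them."""
    client_q = {}
    upstream = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        txn, kind, qname = parts
        if kind == "CQ":
            client_q[txn] = qname.lower()
        elif kind == "RQ":
            upstream[txn][zone_of(qname.lower())] += 1
    alerts = []
    for txn, zones in upstream.items():
        total = sum(zones.values())
        if total > factor * BASELINE_PACKETS:
            top_zone, hits = zones.most_common(1)[0]
            alerts.append({"txn": txn,
                           "client_query": client_q.get(txn, "?"),
                           "upstream_packets": total,
                           "amplification": total / BASELINE_PACKETS,
                           "top_zone": top_zone,
                           "top_zone_share": hits / total})
    return sorted(alerts, key=lambda a: a["upstream_packets"], reverse=True)

if __name__ == "__main__":
    for alert in find_amplified(build_sample_log()):
        print(alert)
```
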

Scope

The vulnerability affects most DNS servers worldwide.

Application

Impacted software includes

  • ISC BIND (CVE-2020-8616);
  • NLnet Labs Unbound (CVE-2020-12662);
  • PowerDNS (CVE-2020-10995);
  • CZ.NIC Knot Resolver (CVE-2020-12667).

Impact

The potential for a Distributed Denial of Service (DDoS) attack.

Impact Type

Incident rather than a breach.

Threat Actions

Attack Vector

Packet Amplification

Mitigation Efforts

Underway

Customer Notification

Customer notification is not necessary as this is not a breach.
