Cybersecurity Threat Report for May 21st, 2020
U.S. Center for Internet Security Alert Level
GUARDED: indicates a general risk of increased hacking, virus, or other malicious activity.
From the Center for Internet Security, “The potential exists for malicious cyber activities, but no known exploits have been identified, or known exploits have been identified but no significant impact has occurred.”
NXNSAttack Packet Amplification Recursive DNS Server Vulnerabilities
Briefing
Catalin Cimpanu of Zero Day reports that a vulnerability exists in DNS-based software and may be used to launch a Distributed Denial of Service (DDoS) attack. The vulnerability was discovered by Israeli researchers. What appears to be happening is that a malicious DNS server in the recursive DNS chain responds to a simple DNS query. A response that typically contains 2 packets instead contains over 1,600. The spike can crash a victim’s server. This is the gist of the stated DDoS attack, and it is commonly referred to as Packet Amplification (PAF). It sounds as if work has been under way for quite some time to patch DNS servers worldwide. It’s not uncommon for efforts to mitigate a vulnerability to be completed before any announcement is made.
CVE-2020-8616, CVE-2020-12662, CVE-2020-10995, and CVE-2020-12667
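An added example, not from the original report or from any of the affected projects: one way a resolver operator could spot the amplification described above, by counting how many upstream queries a single client query triggers and which destination receives most of them. The log line format, the trace id field, the 20-query threshold, and every address and name in the sample are constructed assumptions.

```python
from collections import Counter

# Constructed sample data. The line format is an assumption for this example:
#   <epoch> <trace_id> <IN|OUT> <peer_ip> <qname>
# IN is a client query; OUT is an upstream query sent while resolving it.
SAMPLE_LOG = (
    "1590000000 t1 IN 192.0.2.10 www.example.org.\n"
    "1590000000 t1 OUT 198.51.100.1 www.example.org.\n"
    "1590000000 t1 OUT 198.51.100.2 www.example.org.\n"
    "garbled line\n"
    "1590000001 t2 IN 192.0.2.66 a1.zone-a.example.\n"
    "1590000001 t2 OUT 203.0.113.5 a1.zone-a.example.\n"
    + "".join(
        f"1590000001 t2 OUT 198.51.100.53 ns{i}.zone-b.example.\n"
        for i in range(40)
    )
)

def summarize(log_text):
    """Group lines by trace id: client, query name, upstream query counts."""
    traces = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] not in ("IN", "OUT"):
            continue  # skip malformed lines rather than abort the scan
        _, trace_id, direction, peer, qname = parts
        t = traces.setdefault(
            trace_id, {"client": None, "qname": None, "upstream": Counter()}
        )
        if direction == "IN":
            t["client"], t["qname"] = peer, qname
        else:
            t["upstream"][peer] += 1
    return traces

def flag_amplified(log_text, max_upstream=20):
    """Return traces where one client query caused too many upstream queries."""
    findings = []
    for trace_id, t in summarize(log_text).items():
        total = sum(t["upstream"].values())
        if t["client"] is not None and total > max_upstream:
            top_dest, top_count = t["upstream"].most_common(1)[0]
            findings.append({
                "trace": trace_id, "client": t["client"], "qname": t["qname"],
                "upstream_queries": total,
                "top_destination": top_dest, "top_destination_queries": top_count,
            })
    return findings
```

The `top_destination` field identifies the server absorbing the fan-out, which is the host an operator would want to protect or rate-limit toward.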
Scope
The vulnerability affects most DNS servers worldwide.
Application
Impacted software includes:
- ISC BIND (CVE-2020-8616);
- NLnet Labs Unbound (CVE-2020-12662);
- PowerDNS (CVE-2020-10995);
- CZ.NIC Knot Resolver (CVE-2020-12667).
Impact
The potential for a Distributed Denial of Service (DDoS) attack.
Impact Type
Incident rather than a breach.
Threat Actions
Attack Vector
Packet Amplification
Mitigation Efforts
Underway
Customer Notification
Customer notification is not necessary as this is not a breach.