DNS Data Exfiltration

Are you aware of the potential for data to leave your organization? A company’s intellectual property is the key to profits. Whether you are a marketing company, an insurance firm, or a manufacturer, the “secret sauce” of your organization is what you are trying to keep secret. Because of this, you should be aware of the ways that data might leave your company unlawfully.

The first and obvious one is some type of hacker. Perhaps one or many of your machines have been infected with malware. That malware is the remote terminal for bad actors to work through your network looking for valuable data so that they can send your secrets back out and sell them. Perhaps instead you have a rogue employee, who is looking to make extra money and has taken a bribe from bad actors who will pay them a lot of money to send them your data.

The obvious avenues for this data exfiltration are ones you have already thought about, like email, USB drives, and file sharing sites like Dropbox. But the most sophisticated exfiltrations are designed to go undetected. There are various ways that data can be sent out using techniques that don’t look like data is going out.

One such way is through DNS lookups. DNS queries are sent from the workstation to a DNS server controlled by the bad actor. The queried names look like long invalid strings (perhaps because the data is encrypted), but the name being queried is itself the data being sent. For example, if I want to exfiltrate the Gettysburg address document, I might perform DNS queries to my own DNS server looking for “FourScoreandSevenYearsAgoOurfathers” and the next query would continue with “broughtforthonthiscontinent” and so on until I have essentially transmitted the entire document. Of course, all of these queries will fail because these aren’t real addresses, but who would notice? DNS is necessary on the Internet and you expect to see DNS traffic.

Because DNS queries are quick and easy, this is becoming a more prevalent technique to move data out of the company to the network of bad actors. From the bad actor’s side, all I have to do is keep a log of the queries and reassemble them.

But what if I am talking about the source code to the software you develop? Or the customer data you hold? Credit card numbers? Social Security numbers? Internal documents that you don’t want your competitors to see?
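The pattern described above leaves a trace in the DNS query log: one workstation asking a single zone for many distinct, unusually long names. The following detection sketch is an added example, not code from the original post; the log entries are constructed, `example.net` stands in for the bad actor's zone, and the thresholds and the "last two labels" zone split are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (client IP, queried name) pairs; not real traffic.
# "example.net" stands in for the zone controlled by the bad actor.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "cdn.example.com"),
    ("10.0.0.7", "www.example.com"),
    ("10.0.0.7", "FourScoreandSevenYearsAgoOurfathers.example.net"),
    ("10.0.0.7", "broughtforthonthiscontinent.example.net"),
    ("10.0.0.7", "anewnationconceivedinliberty.example.net"),
]

def shannon_entropy(text):
    """Bits per character; encoded or encrypted payloads score higher than words."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Return (subdomain part, parent zone). Assumption: the parent zone is the
    last two labels; production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_suspects(log, min_unique=3, min_avg_len=20):
    """Flag (client, zone) pairs that query many distinct, long subdomains."""
    seen = defaultdict(set)
    for client, qname in log:
        sub, zone = split_name(qname)
        if sub:
            seen[(client, zone)].add(sub)
    suspects = []
    for (client, zone), subs in sorted(seen.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len:
            suspects.append({
                "client": client, "zone": zone, "unique_names": len(subs),
                "avg_len": round(avg_len, 1), "payload_bytes": sum(map(len, subs)),
                "max_entropy": round(max(shannon_entropy(s) for s in subs), 2),
            })
    return suspects

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_LOG):
        print(hit)
```

Plain-text payloads like the one in the example are caught by name length and count alone; the reported entropy helps separate encoded or encrypted payloads from long but legitimate hostnames.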

Contact us today to find out how we can help protect you and your company from threats like these.

Tax time threats

As tax time approaches, people are keen to fill out forms with all of their most personal information, such as their relationships, Social Security numbers, income, home address, job information, payment information, bank account numbers, phone numbers and email. There is rarely a time of the year more vulnerable for consumers and tax professionals alike.

As a consumer, it can be difficult to ensure that your data is safe and secure. If you are filing taxes on your own, you have to trust that your mail won’t be intercepted, or if you are filing online through a tax agency or even an online tax preparer, how can you trust that those companies will secure your data adequately? With the number of large company breaches in the recent past, including Target, Home Depot, and Equifax to name a few, a consumer’s information being held by a tax preparer could be at risk if that company doesn’t secure its own network.

On the consumer side, there is an increase in the number of “fake” or scamming applications and websites that offer “free” ways for someone to file their own taxes. These sites and applications will not in fact file your taxes, but collect and sell your personal information to the highest bidder. As a safeguard for all consumers: use a professional tax service, or be hyper-vigilant that you are in fact connected to a reputable site such as H&R Block or TurboTax, to name a few. You can also file directly from the federal and most state government sites online.

If you are a tax preparer, and you are in charge of the personal information of your clients, what are you doing to ensure that data is safe and secure? Is your data subject to HIPAA law? Are you securing your data and processes to ensure that not only are you not breached, but if you were, you can prove you were practicing due diligence and due care? Keeping your clients’ data safe is a critical function, and one that is essential to not only your bottom line, but also to the reputation of your firm.

Contact KidderSec Technologies today to see where you stand in the fight to keep the data of your company and clients safe.