DNSpionage & Sea Turtle: A New Breed of DNS Attack
In this webinar you will learn:
- An overview of the DNSpionage and Sea Turtle attack campaigns
- How primary and secondary targets were compromised, then leveraged to imitate and capture valid SSL certificates
- How zero-trust access principles can help protect organizations from similar attacks
All connected devices rely on the Domain Name System (DNS), translating human-readable hostnames into network-routable IP addresses. Two recent attack campaigns primarily in the Middle East and North Africa have focused on redirecting requests and hijacking DNS as a mechanism to achieve their wider goals. These campaigns, named DNSpionage and Sea Turtle by researchers, demonstrate the risk posed when DNS integrity is compromised.
In a 2018 blog post DNSpionage Campaign Targets Middle East, Talos research outlined the delivery method used to compromise targeted systems in the first of these campaigns, along with a walkthrough of how valid domains were maliciously redirected. In an update on April 17 of this year, Talos shared additional research on a separate campaign that is directly targeting registrars, and has wider risk implications.
Technical specialist in security and threat analysis Martin Lee from Talos will join Duo’s Federal Advisory CISO Sean Frazier in this detailed session describing his findings when studying these campaigns, and they will then discuss how zero-trust principles can help organizations reduce their risk from similar attacks.