500 Organizations Affected Via Security Flaw in AWS Route53

 

Earlier this year, in January 2021, cloud security researchers from Wiz.io accidentally uncovered a ‘novel’ class of Domain Name Service (DNS) flaws in Amazon Web Services' Route53. The researchers were surprised to find that its self-service domain registration system allowed them to create a new hosted zone with the same name as a real AWS name server and direct it to their IP address. After registering a bogus AWS name server as ns-852.awsdns-42.net, the same name as an actual AWS name server, the researchers received traffic from more than 15,000 different AWS customers and a million endpoint devices. They managed to gather a treasure trove of information on Fortune 500 companies including 45 US government agencies and 85 government agencies overseas.

"We were trying to figure out how to break DNS and we had no idea what traffic we were getting at first. In theory, if you register a name server name ... it shouldn't have any impact. We understood then that we were on top of an unbelievable set of intelligence, just by tapping for a few hours into a small portion of the network. I called it a nation-state intelligence capability using a simple domain registration," says Ami Luttwak, co-founder and CTO of Wiz.io as well as a former member of Microsoft's cloud security team.

AWS patched the security hole in mid-February, shortly after the researchers alerted the company in January. However, two other vendors the researchers contacted about the flaw have not yet fixed it in their DNS services. An AWS spokesperson did not provide any details but confirmed that Route53 "is not affected by this issue," adding that the service "prevents the creatio ..
