Video: Hacking Demo #3 - Data Exfiltration
Because the DNS protocol is allowed to pass from inside the network to the Internet, some have found a way to use it to silently exfiltrate valuable data. Malware installed on a victim’s computer can use the DNS protocol to send the data using a simple encoding mechanism that requires nothing more than access to a recursive DNS server.
Exfiltrating information via DNS can be very discreet (sending a few packets per day) or extremely intense (sending thousands of stolen credit card numbers and information per minute). Since the DNS protocol does not trigger alarms on monitoring systems, it can be used to exfiltrate a lot of information before the domain is caught by standard reputation filters (if installed).
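One way to surface the behaviour described above from resolver query logs, written as an added example that is not part of the original page: it groups queries by registered domain and flags domains whose subdomains are numerous, long and high-entropy, the footprint that encoded data leaves in query names. The thresholds, the two-label registered-domain shortcut and the names `corp.example` and `exfil.test` are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of the string s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registered_domain(qname):
    # Assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def score_domains(queries, min_unique=5, min_avg_len=20, min_entropy=3.5):
    """Return {domain: stats} for domains whose subdomains look like encoded data."""
    subs = defaultdict(set)
    for q in queries:
        name = q.rstrip(".").lower()
        dom = registered_domain(name)
        sub = name[: -len(dom)].rstrip(".")
        if sub:                      # skip queries for the bare domain
            subs[dom].add(sub)
    flagged = {}
    for dom, names in subs.items():
        payload = [n.replace(".", "") for n in names]
        avg_len = sum(map(len, payload)) / len(payload)
        entropy = shannon_entropy("".join(payload))
        if len(names) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            flagged[dom] = {"unique": len(names), "avg_len": round(avg_len, 1),
                            "entropy": round(entropy, 2), "bytes": sum(map(len, payload))}
    return flagged

# Constructed sample: three ordinary lookups plus six queries with hex-like labels.
SAMPLE_QUERIES = ["www.corp.example", "mail.corp.example", "api.corp.example"] + [
    hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".exfil.test" for i in range(6)]

if __name__ == "__main__":
    print(score_domains(SAMPLE_QUERIES))
```

The aggregation window matters: at a few queries per day, a domain only crosses `min_unique` when the log covers days or weeks, so low-rate exfiltration calls for a long retention window as well as a per-minute view.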