ADAMnetworks’ Research Uncovers Vulnerability in Internet Infrastructure, Affecting 88 Million Domains


Author: Business Wire

Code-named Underminr, the vulnerability is under active exploitation and has the potential to overwhelm defenses at scale.

New tactics in abusing connection protocols are making attacks mostly invisible to defenders and hosting providers that already neutralized legacy domain fronting in the past.

Around 88 million domains are affected across the globe, with risk concentrated heavily in the US, Canada and the UK, while China remains mostly immune.

This is under active abuse and could be scaled by AI-orchestrated malware campaigns to overwhelm defenses worldwide.

LONDON, Ontario: ADAMnetworks, the creators of the world’s first zero trust resolver and a leader in pre-emptive security, has uncovered a vulnerability that exploits shared hosting ecosystems using a novel technique, allowing attackers to circumvent common network security practices.

Code-named Underminr, the vulnerability lies in the implementation of internet-bound connections involving large-scale hosting providers. Attackers can exploit it to circumvent security controls and evade detection when connecting to command-and-control (C2) infrastructure or exfiltrating data. The vulnerability is being actively exploited and could be scaled by threat actors using AI-orchestrated malware campaigns, potentially overwhelming defenses worldwide.

The exploit bears similarity to legacy domain fronting, which was essentially neutralized by Content Delivery Networks (CDNs) in 2018. However, Underminr uses new Tactics, Techniques, & Protocols (TTPs), making it mostly invisible to defenders and hosting providers that already neutralized legacy domain fronting. Exploiting this vulnerability as part of defense circumvention allows trusted domains to be abused by Advanced Persistent Threats (APTs) and malicious actors as part of an attack chain with impunity.

“Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain,” says David Redekop, CEO of ADAMnetworks. “Because it fundamentally undermines the critical infrastructure that makes up the backbone of the internet, we felt we had to collaborate with technology providers and defenders across the industry before this potential wave hits.”

As part of responsible disclosure, ADAMnetworks has collaborated with multiple industry partners to share intelligence and to create an open source application that lets cyber defenders detect Underminr evasion attempts from within their networks.

The research team is also releasing an official impact report for defenders, which will be updated periodically as collaborators continue to monitor the vulnerability, as well as a website at https://underminr.ai that allows domain owners to check in real time whether their domains are vulnerable to abuse in Underminr attacks.

The top 5 million domains were tested against this vulnerability, which gives insight into the scope of impact and reveals which content delivery networks are most vulnerable. A particularly disconcerting finding is that the USA, Canada and UK internet infrastructures are highly vulnerable to Underminr attacks, with a disparity of risk greater than 2:1 against Russia and over 6:1 against China.

According to Chester Wisniewski, an industry veteran and Global Field CISO at Sophos, “Millions of users globally rely on DNS filtering technology to provide a transparent layer of protection to their online activities, especially when outside of a secured business network. Underminr allows malicious actors to abuse their infrastructure to disguise their nefarious activities.”

Tom Newton, VP at Qoria, believes Underminr now forces defenders to adapt their technologies: “The internet depends upon the integrity of connections requested by devices and authorised by security systems. Until cloud operators address this vulnerability as they did with domain fronting in the past, we must continue to evolve our defensive capabilities.”

ADAMnetworks' pre-emptive security solution involves a new Zero Trust resolver that is designed to neutralize yet-unknown and undetectable threats by implementing an AI-enhanced default-deny-all posture for all outbound connections. The solution is device agnostic and therefore also protects IoT and OT assets, which is particularly important for sectors such as Manufacturing, Defense, Healthcare and Critical Infrastructure. The latest release of the solution now also neutralizes Underminr attacks for defenders who need to secure mission-critical assets. The company hopes the whole industry will join forces to implement mitigations against Underminr and other AI-enhanced attacks before large-scale damage is done to people and systems.

About ADAMnetworks

ADAMnetworks is a pre-emptive security technology provider that specializes in Zero Trust Connectivity to ensure the highest level of security. Our core offerings include a Default Deny-All security platform that uses AI-driven dynamic allowlisting and our patented egress control technology to proactively defend against cyber threats before they can execute or be detected. To learn more about our platform, visit https://adamnet.works/

Source: Business Wire

