The Domain Name System, or DNS, is the protocol that translates human-friendly URLs into machine-friendly IP addresses. Essentially, it’s the phone book of the internet. This makes DNS a critical component of business operations: firewalls have to let it pass through, and network operators cannot block DNS traffic. As a result, it has become a prime target for threat actors, who have successfully deployed various DNS-based attacks against company networks over the years.
Attackers often use DNS to establish command and control (C2). This can lead to gaining unauthorized access to the network, moving laterally or exfiltrating data. As security has evolved to try to prevent abuse of DNS traffic and C2, the tactics and techniques of attackers have also evolved.