Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers

Patches released for a new DNSSEC vulnerability named KeyTrap, described as the worst DNS attack ever discovered.  

DNS vulnerability KeyTrap

A team of researchers has disclosed a new DNS-related vulnerability that can allegedly be exploited to disable large parts of the internet. 

The vulnerability, named KeyTrap and officially tracked as CVE-2023-50387, has been described as a critical flaw in the design of Domain Name System Security Extensions (DNSSEC), a DNS feature that authenticates responses to domain name lookups.

The goal of DNSSEC is to prevent attackers from manipulating or poisoning responses to DNS requests. However, researchers at the Germany-based ATHENE National Research Center for Applied Cybersecurity found that a design flaw could allow malicious actors to cause significant internet disruption using a single specially crafted DNS packet that causes CPU resource exhaustion. 

Systems using a DNSSEC-validating DNS resolver are impacted, and the researchers claimed more than 31% of web clients had used such resolvers as of December 2023. 

“Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging. With KeyTrap, an attacker could completely disable large parts of the worldwide Internet,” the researchers said in a press release

KeyTrap has allegedly been described by some DNS vendors as the worst attack method ever discovered. 

The KeyTrap attack impacts widely used DNS implementations, as well as DNS services providers such as Google and Cloudflare. However, impacted vendors were notified several months ago and they have been releasing patches, the last of which became available on February 13, according to the researchers.

On the other hand, the researchers noted that completely preventing KeyTrap attacks requires changing the “underlying design philosophy of DNSSEC”.

Advertisement. Scroll to continue reading.

The underlying weakness has existed for more than two decades, but there is no indication that it has been exploited in the wild. 

Security advisories for CVE-2023-50387 have been published by Microsoft, BIND, PowerDNS, and NLnet (Unbound).

In the case of BIND, the researchers claimed that “it can be stalled for as long as 16 hours”.

UPDATE: Google has provided the following statement to SecurityWeek:

“We are aware of this vulnerability and rolled out a fix in coordination with the reporting researchers. There is no evidence of exploitation and no action required by users at this time.”

Cloudflare told SecurityWeek, “Cloudflare was made aware of the KeyTrap vulnerability as part of coordinated disclosure and our systems were promptly patched.”

Related: Cyberespionage Implant Delivered via Targeted Government DNS Hijacking

Related: Dangling DNS Used to Hijack Subdomains of Major Organizations 

Related: In Other News: Fake Lockdown Mode, New Linux RAT, AI Jailbreak, Country’s DNS Hijacked

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.