Amazon Follows Google in Banning "Domain Fronting"
#1
[Image: APT29-domain-fronting.png]

Quote: Two of today's biggest cloud service providers are now blocking a technique called "domain fronting" that has been used by websites and applications to avoid government-based censorship, but also by malware to secretly siphon stolen data to covert servers.

The first one to drop support for domain fronting was Google, at the start of April. Tor developers were the first ones to notice that Google App Engine had stopped working with domain-fronted services on April 13.

A Google spokesperson told the media at the time that Google never officially supported domain fronting in the first place, and that recent changes in its infrastructure had resulted in the feature ceasing to work.

Amazon follows Google and bans domain fronting as well
But last week, Amazon, too, announced that it would drop support for the same feature.

"Domain fronting" is a technique that app and website developers have used in the past to fool censorship tools. The technique relies on using an intermediary cloud server as a proxy for the real website. Connections are initiated for the proxy server, but the user is redirected to the actual website in a subsequent step.

But despite its simple scheme, domain fronting has allowed websites and apps to evade ISP-level censorship and traffic inspection tools for more than a decade.

Domain fronting has been used by apps like Signal, Tor-to-Web proxies, the GreatFire service to bypass China's Great Firewall, and lots of VPN providers to hide their servers' real locations.

Domain fronting became popular with malware operations
But despite the technique's use with legitimate apps trying to skirt government-based bans, domain fronting had also slowly started to become quite popular on the malware scene, where cybercriminals had been using it to disguise the locations of command-and-control (C&C) servers and provide an extra layer of resiliency during law-enforcement takedown efforts.

The most famous use of domain fronting for a malware operation was by APT29, a cyber-espionage group suspected to be a branch of the FSB, one of Russia's intelligence agencies, according to cyber-security firm CrowdStrike.

READ FULL ARTICLE HERE
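
For defenders, an added example (not part of the post or the quoted article): on a fronted connection the TLS SNI names the front domain while the HTTP Host header inside the tunnel names a different site, so a TLS-inspecting proxy can flag the mismatch. The log format, field names and sample records below are constructed assumptions.

```python
import json

# Constructed sample: one JSON record per request, as a TLS-inspecting proxy
# might log it (field names are assumptions, not from any specific product).
SAMPLE_LOG = """\
{"client": "10.0.0.5", "sni": "www.example.com", "host": "www.example.com"}
{"client": "10.0.0.7", "sni": "cdn.example.com", "host": "hidden-app.example.net"}
{"client": "10.0.0.8", "sni": "Static.Example.com.", "host": "api.example.com:443"}
{"client": "10.0.0.9", "sni": "", "host": "files.example.org"}
{"client": "10.0.0.7", "sni": "cdn.example.com", "host": "hidden-app.example.net"}
"""


def normalize(name):
    """Lowercase a hostname and drop any :port suffix and trailing dot."""
    name = (name or "").strip().lower()
    if name.count(":") == 1:  # host:port (IPv6 literals are left untouched)
        name = name.split(":")[0]
    return name.rstrip(".")


def site(name):
    """Naive registrable domain: the last two labels. This is a simplification;
    a real deployment should use the Public Suffix List (co.uk and similar)."""
    return ".".join(name.split(".")[-2:])


def find_fronting_candidates(lines, allowed_pairs=frozenset()):
    """Return {(client, sni, host): count} where SNI and Host belong to
    different sites and the (sni_site, host_site) pair is not allowlisted."""
    hits = {}
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        sni, host = normalize(rec.get("sni")), normalize(rec.get("host"))
        if not sni or not host:
            continue  # nothing to compare; a missing SNI needs its own rule
        if site(sni) == site(host) or (site(sni), site(host)) in allowed_pairs:
            continue  # same site, or a known benign shared-CDN pairing
        key = (rec.get("client"), sni, host)
        hits[key] = hits.get(key, 0) + 1
    return hits


if __name__ == "__main__":
    for key, count in find_fronting_candidates(SAMPLE_LOG.splitlines()).items():
        print(count, *key)
```

Mismatches also occur on benign shared-CDN traffic, so treat hits as candidates to triage and grow the allowlist from what the environment normally produces.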