Marks and Spencer Cyber Crisis: Exposing Critical DNS Vulnerabilities

The ongoing cyber crisis at Marks and Spencer, now in its fourth week, highlights severe vulnerabilities in both its digital infrastructure and its banking partner HSBC. Despite interventions from the National Cyber Security Centre (NCSC) and CrowdStrike, critical internet assets remain exposed, putting millions of customers at risk.

Key Vulnerabilities Identified

  • Insecure DNS Start of Authority (SOA) Records: Exposes sensitive infrastructure details, allowing attackers to map network hierarchies and identify primary name servers.
  • Third-Party Risks: Traditional banks like HSBC must rigorously assess the cybersecurity resilience of partners.
  • Lack of Basic Cyber Hygiene: Absence of fundamental security measures in 2025 is alarming.

You Should Know: DNS Security Best Practices & Commands

1. Analyzing DNS SOA Records

Use `dig` to inspect SOA records:

dig SOA hsbc.com

Expected Output:

hsbc.com. 3600 IN SOA ns1.hsbc.com. admin.hsbc.com. (
    2024050101 ; serial
    3600       ; refresh
    1800       ; retry
    604800     ; expire
    86400      ; minimum TTL
)

Risk: the record publishes the administrative contact (RNAME `admin.hsbc.com.`, which encodes the mailbox admin@hsbc.com) and the primary name server (MNAME `ns1.hsbc.com.`), both of which can be targeted.
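The SOA record is easier to review when its fields are pulled apart programmatically. The following Python script is an added example, not code from the original post or from any of the organisations named: it parses the SOA answer shown above (embedded as a constructed sample, in either dig's one-line or its multi-line form), decodes the RNAME into the mailbox it represents, reports what the record discloses, and runs a few timer sanity checks that go beyond the text (serial convention, retry versus refresh, expire versus refresh + retry, negative-caching TTL). The threshold values in the checks are this example's own assumptions.

```python
import re

# Constructed sample: the SOA shown above, in dig's multi-line zone-file style.
# Not captured from any real server.
SAMPLE_SOA = """hsbc.com. 3600 IN SOA ns1.hsbc.com. admin.hsbc.com. (
    2024050101 ; serial
    3600       ; refresh
    1800       ; retry
    604800     ; expire
    86400      ; minimum TTL
)"""

TIMER_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def rname_to_email(rname):
    """Turn an SOA RNAME into the mailbox it encodes: the first unescaped '.'
    separates local part and domain; a backslash-escaped dot is a literal dot."""
    name = rname.rstrip(".")
    local = []
    i = 0
    while i < len(name):
        if name[i] == "\\" and i + 1 < len(name):   # escaped character: keep literally
            local.append(name[i + 1])
            i += 2
        elif name[i] == ".":                        # first unescaped dot: rest is the domain
            return "".join(local) + "@" + name[i + 1:]
        else:
            local.append(name[i])
            i += 1
    return "".join(local)


def parse_soa(text):
    """Parse one SOA record from dig output, either the one-line answer form or the
    multi-line '(' ... ')' form with ';' comments. Returns a dict of its fields."""
    flat = " ".join(line.split(";", 1)[0] for line in text.splitlines())
    tokens = flat.replace("(", " ").replace(")", " ").split()
    if "SOA" not in tokens:
        raise ValueError("no SOA record in input")
    i = tokens.index("SOA")
    values = tokens[i + 3:i + 8]
    if len(values) != 5 or not all(v.isdigit() for v in values):
        raise ValueError("SOA record is missing one of its five numeric fields")
    ttl_token = tokens[i - 2] if i >= 2 else ""
    rec = {
        "owner": tokens[0],
        "ttl": int(ttl_token) if ttl_token.isdigit() else None,
        "mname": tokens[i + 1],
        "rname": tokens[i + 2],
        "rname_email": rname_to_email(tokens[i + 2]),
    }
    rec.update(zip(TIMER_FIELDS, (int(v) for v in values)))
    return rec


def audit_soa(rec):
    """Return (info, warnings): what the record discloses, plus timer sanity problems.
    Thresholds are this example's assumptions, not values from the post."""
    info = [
        f"administrative contact published in RNAME: {rec['rname_email']}",
        f"primary name server published in MNAME: {rec['mname']}",
    ]
    warnings = []
    if not re.fullmatch(r"(19|20)\d{2}(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])\d{2}", str(rec["serial"])):
        warnings.append("serial does not follow the YYYYMMDDnn convention; change history is hard to audit")
    if rec["retry"] >= rec["refresh"]:
        warnings.append("retry is not shorter than refresh; secondaries retry a failed refresh too slowly")
    if rec["expire"] <= rec["refresh"] + rec["retry"]:
        warnings.append("expire is not larger than refresh + retry; secondaries may drop the zone after one failure")
    if rec["minimum"] > 86400:
        warnings.append("negative-caching TTL exceeds one day; new names stay invisible to resolvers that long")
    return info, warnings


if __name__ == "__main__":
    record = parse_soa(SAMPLE_SOA)
    info, warnings = audit_soa(record)
    for line in info + [f"WARNING: {w}" for w in warnings]:
        print(line)
```

On the sample record the script reports the two disclosures and no timer warnings; feed it the output of `dig SOA <your-zone>` to review your own zones.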

2. Preventing DNS Cache Poisoning

Enable DNSSEC validation on the resolver (BIND 9 shown):

sudo apt install bind9

Add in `/etc/bind/named.conf.options`:

    dnssec-validation auto;

(`dnssec-enable yes;` from older guides is obsolete: it has no effect in BIND 9.16 and later and newer releases reject it as an unknown option, so leave it out.)

Then check the configuration and restart:

sudo named-checkconf /etc/bind/named.conf.options
sudo systemctl restart bind9

3. Detecting DNS Leaks

Use `nslookup` to verify which resolver is actually answering your queries:

nslookup example.com

The `Server:` line names the resolver that answered; if it is not the resolver your configuration should be using, queries are leaking to an unexpected DNS server.
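Both of the previous two checks (is the answer DNSSEC-validated, and which resolver answered it) can be automated from the tool output. The Python below is an added example, not from the original post: it takes constructed `dig +dnssec` and `nslookup` output (embedded inline, not captured from any real host), extracts the answering server, checks the `ad` (authenticated data) flag in dig's flags line, and compares the server against an assumed list of approved resolvers. `APPROVED_RESOLVERS` and the sample addresses are this example's assumptions.

```python
import re

# Constructed sample outputs, not captured from a real host: a dig +dnssec query
# answered by the corporate resolver, and an nslookup answered by something else.
DIG_OUTPUT = """; <<>> DiG 9.18.24 <<>> +dnssec example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 10.0.0.53#53(10.0.0.53) (UDP)
"""

NSLOOKUP_OUTPUT = """Server:\t\t192.0.2.7
Address:\t192.0.2.7#53

Non-authoritative answer:
Name:\texample.com
Address: 192.0.2.10
"""

# Resolvers the endpoint is supposed to use (assumed values for this example).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}


def answering_server(output):
    """Return the resolver that answered: ';; SERVER:' in dig output, 'Server:' in nslookup output."""
    m = re.search(r"^;; SERVER: ([^#\s]+)", output, re.M)
    if not m:
        m = re.search(r"^Server:\s+(\S+)", output, re.M)
    return m.group(1) if m else None


def dnssec_validated(output):
    """True when the resolver set the AD flag on the answer (only dig prints the flags line)."""
    m = re.search(r"^;; flags: ([^;]*);", output, re.M)
    return bool(m) and "ad" in m.group(1).split()


def check_resolver(output, approved=APPROVED_RESOLVERS):
    """Findings for one lookup: answered by an unapproved server, or not DNSSEC-validated."""
    findings = []
    server = answering_server(output)
    if server is None:
        findings.append("could not identify the answering server")
    elif server not in approved:
        findings.append(f"answer came from {server}, not an approved resolver (possible DNS leak)")
    if not dnssec_validated(output):
        findings.append("no AD flag: the resolver did not report DNSSEC validation for this answer")
    return findings


if __name__ == "__main__":
    for label, out in (("dig", DIG_OUTPUT), ("nslookup", NSLOOKUP_OUTPUT)):
        print(label, check_resolver(out) or ["ok"])
```

The `ad` bit is set by the resolver, not by the zone owner, so it only proves validation when the resolver is one you trust and the path to it is local or otherwise protected; `nslookup` does not print the flags at all, which is why the second sample yields a "no AD flag" finding in addition to the unapproved-resolver one.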

4. Hardening DNS Servers

  • Disable Zone Transfers (per zone, in `named.conf`):
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com";
        allow-transfer { none; };
    };

  • Restrict Recursive Queries (in the `options { }` block of an authoritative server):
    recursion no;
    allow-recursion { none; };
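A quick way to confirm these two settings across many servers is to audit the configuration text itself. The Python below is an added example, not from the original post or from the BIND project: it embeds two constructed `named.conf` fragments (a weak one with recursion enabled and `allow-transfer { any; }`, and the hardened form shown above), strips comments, walks the `options` and `zone` blocks with brace matching, and reports an open resolver or a zone whose transfers are not locked down. It understands only the statements it checks for; anything else in the file is ignored.

```python
import re

# Constructed named.conf fragments, not taken from any real server: a weak
# configuration and the hardened one described above.
WEAK_CONF = """
options {
    directory "/var/cache/bind";
    recursion yes;             // open resolver for anyone who can reach port 53
};
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { any; };   // anyone can AXFR the whole zone
};
"""

HARDENED_CONF = """
options {
    directory "/var/cache/bind";
    recursion no;
    allow-recursion { none; };
};
zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    allow-transfer { none; };
};
"""

BLOCK_START = re.compile(r'\b(options|zone)\b(?:\s+"([^"]+)")?\s*\{')


def strip_comments(conf):
    """Remove /* */, // and # comments so their text cannot fool the checks."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)


def blocks(conf):
    """Yield (kind, name, body) for every options/zone block, matching nested braces."""
    for m in BLOCK_START.finditer(conf):
        depth, start = 0, m.end() - 1
        for i in range(start, len(conf)):
            if conf[i] == "{":
                depth += 1
            elif conf[i] == "}":
                depth -= 1
                if depth == 0:
                    yield m.group(1), m.group(2), conf[start + 1:i]
                    break
        else:
            raise ValueError("unbalanced braces in configuration")


def statement(body, name):
    """Return the tokens inside 'name { ... };', or None when the statement is absent."""
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), body)
    return m.group(1).replace(";", " ").split() if m else None


def audit_named_conf(conf):
    """Findings for an open resolver and for zones whose transfers are not locked down."""
    conf = strip_comments(conf)
    findings = []
    for kind, name, body in blocks(conf):
        if kind == "options":
            if not re.search(r"\brecursion\s+no\s*;", body) and statement(body, "allow-recursion") != ["none"]:
                findings.append("options: recursion is not disabled (set 'recursion no;' on authoritative servers)")
        elif re.search(r"\btype\s+(master|primary|slave|secondary)\s*;", body):
            acl = statement(body, "allow-transfer")
            if acl is None:
                findings.append(f'zone "{name}": no allow-transfer statement; set allow-transfer {{ none; }} explicitly')
            elif "any" in acl:
                findings.append(f'zone "{name}": allow-transfer {{ any; }} lets anyone download the zone')
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_named_conf(conf) or ["ok"])
```

The check is deliberately strict about `allow-transfer`: a zone with no statement at all is reported, because an explicit `none` (or an explicit list of secondaries) documents the intent and does not depend on the default of whichever BIND version is installed.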
    

5. Monitoring DNS Traffic

Use `tcpdump` to capture DNS packets:

sudo tcpdump -i eth0 port 53 -w dns_traffic.pcap 
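Capturing packets is the first step; the value comes from looking for patterns in what was captured or logged. The Python below is an added example, not from the original post: it runs simple detection logic over constructed BIND query-log lines (the `queries` logging category; the lines are embedded inline and were not taken from any real server) and flags bursts of `ANY` queries, zone-transfer requests, and sources exceeding a per-minute rate. The rate threshold and the addresses are this example's assumptions; the same checks apply to a `tcpdump` capture once it has been decoded into source, name and type.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed BIND query-log lines, not from a real server. The fourth line from the
# end is a non-query log line and is skipped by the parser.
SAMPLE_LOG = """\
06-May-2025 10:12:01.101 client @0x7f2a8c0b2d60 203.0.113.5#53213 (example.com): query: example.com IN ANY +E(0) (10.0.0.1)
06-May-2025 10:12:01.118 client @0x7f2a8c0b2d60 203.0.113.5#53214 (example.com): query: example.com IN ANY +E(0) (10.0.0.1)
06-May-2025 10:12:01.131 client @0x7f2a8c0b2d60 203.0.113.5#53215 (example.com): query: example.com IN ANY +E(0) (10.0.0.1)
06-May-2025 10:12:01.147 client @0x7f2a8c0b2d60 203.0.113.5#53216 (example.com): query: example.com IN ANY +E(0) (10.0.0.1)
06-May-2025 10:12:01.160 client @0x7f2a8c0b2d60 203.0.113.5#53217 (example.com): query: example.com IN ANY +E(0) (10.0.0.1)
06-May-2025 10:12:01.176 client @0x7f2a8c0b2d60 203.0.113.5#53218 (example.com): query: example.com IN ANY +E(0) (10.0.0.1)
06-May-2025 10:12:03.002 client @0x7f2a8c0b3f10 10.0.0.8#41022 (www.example.com): query: www.example.com IN A +E(0) (10.0.0.1)
06-May-2025 10:12:09.540 client @0x7f2a8c0b3f10 10.0.0.8#41023 (mail.example.com): query: mail.example.com IN MX + (10.0.0.1)
06-May-2025 10:13:22.014 client @0x7f2a8c0b4a20 198.51.100.9#60100 (example.com): query: example.com IN AXFR -T (10.0.0.1)
06-May-2025 10:13:22.015 general: info: zone example.com/IN: sending notifies (serial 2024050101)
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Return (timestamp, source IP, qname, qtype) per query line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            events.append((ts, m["src"], m["qname"], m["qtype"]))
    return events


def detect_dns_anomalies(events, per_minute_threshold=5):
    """Flag zone-transfer requests, ANY bursts and sources above a per-minute query rate.
    The threshold is an assumption for this example; tune it to the server's baseline."""
    findings = []
    any_by_src = Counter()
    per_src_minute = Counter()
    for ts, src, qname, qtype in events:
        if qtype == "ANY":
            any_by_src[src] += 1
        if qtype in ("AXFR", "IXFR"):
            findings.append(f"{src}: {qtype} request for {qname}; verify it is an authorised secondary")
        per_src_minute[(src, ts.replace(second=0, microsecond=0))] += 1
    for src, n in sorted(any_by_src.items()):
        findings.append(f"{src}: {n} ANY queries; typical of amplification probing or a misconfigured client")
    for (src, minute), n in sorted(per_src_minute.items()):
        if n > per_minute_threshold:
            findings.append(f"{src}: {n} queries in the minute starting {minute:%H:%M}, above threshold {per_minute_threshold}")
    return findings


if __name__ == "__main__":
    for finding in detect_dns_anomalies(parse_query_log(SAMPLE_LOG)):
        print(finding)
```

On the sample it reports the `AXFR` attempt, the six `ANY` queries from one source, and that source's rate; the two ordinary lookups from 10.0.0.8 produce nothing, which is the point of keeping a baseline.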

What Undercode Say

The Marks and Spencer-HSBC breach underscores systemic DNS security failures. Organizations must:
– Audit SOA Records: Remove sensitive details like admin emails.
– Enforce DNSSEC: Prevent spoofing and cache poisoning.
– Isolate Critical DNS Servers: Restrict external access.
– Monitor Anomalies: Use tools like `dnstop` for real-time analysis.

Linux Commands for DNS Security:

# Check open DNS resolvers
nmap -sU -p 53 --script=dns-recursion <target>

# Test for DNS amplification vulnerabilities
dig +short @<target> ANY isc.org

Windows DNS Hardening:

# Disable DNS recursion
Set-DnsServerRecursion -Enable $false

# Enable DNS logging
Set-DnsServerDiagnostics -All $true

Expected Output: A secure DNS infrastructure with minimized attack surface, logged queries, and DNSSEC validation.

Prediction

Without immediate remediation, similar breaches will escalate, targeting other retailers and banks with weak DNS configurations. Proactive hardening and third-party audits will become regulatory mandates.

References:

Reported By: Andy Jenkinson – Hackers Feeds