In my last blog post, part 1 of this series, I discussed the important role DNS plays in protecting service provider networks from DNS amplification attacks, and the necessity of not only blocking malicious queries but also of not blocking good ones. In this post, I’ll look at Pseudo-Random Subdomain (PRSD) attacks and other threats such as phishing and ransomware, and show why DNS is well suited to protecting both networks and subscribers.
The importance of DNS to security in general is widely understood, particularly in today’s threat landscape. Anyone who manages (or has managed) caching/recursive or authoritative DNS servers knows the pain when they go down. It’s bad. Without available DNS there is no internet, or at least no usable internet: most, if not all, applications today rely on DNS to locate resources somewhere on the internet in order to function, and that reliance keeps growing.
The Domain Name System – the DNS – is the foundation of the internet. Beyond mapping names to IP addresses, DNS provides a basis for detecting and blocking global cyberthreats before they reach an organization’s corporate network resources, particularly given that more than 90% of malware uses DNS for command and control. This presents a tremendous opportunity for service providers to use their DNS infrastructure to deliver security services to business customers, which need stronger, more proactive cyber protection.
With cyberattacks affecting SMBs at an alarming rate, business owners are challenged to put in place security strong enough to protect them from the average $20,000 price tag per incident. Ransomware in particular has hit the SMB sector hard: a recent study by Arctic Wolf Networks found a 433% increase in ransomware attacks against SMBs last year [1], a number that is expected to grow.
By now you’ve most likely heard about the WannaCry (a.k.a. WannaCrypt) ransomware that began wreaking havoc in parts of the world this past Friday (May 12, 2017). Given Nominum’s broad, deep view into DNS data from our service provider customers around the world, we were able to gather insights into how WannaCry made its way onto subscriber networks around the globe (see WannaCry: views from the DNS frontline on our Data Science blog for more thoughts). Reports show that the attack has infected more than 230,000 computers in over 150 countries [1]. For now the outbreak appears to be slowing, but some expect this is only the first of more similar attacks to come [2].
Excerpted from Nominum Spring 2017 Security Report
In late April, we released the Nominum Spring 2017 Security Report, the latest report on our security research team’s DNS and HTTP analysis, which provides a comprehensive view of the current cyberthreat landscape. In the report we take a look at “new core domains” and how they help us identify “zero-day attacks” so we can take steps to mitigate them.
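The two DNS-side signals named above, random-looking subdomain floods (PRSD, from the first post) and never-before-seen “core” domains (from the Spring 2017 report), can both be read straight out of a resolver’s query log. The following is an added example written for this page, not Nominum’s code and not taken from the report; the log format, the thresholds, the tiny stand-in for the Public Suffix List and the “already seen” domain list are all assumptions for the demo, and the log lines are constructed, not real traffic.

```python
"""Added example (not Nominum's code): two DNS-log heuristics.

1. PRSD flood: many distinct, high-entropy leftmost labels under one zone.
   Each random label misses the resolver cache and lands on the victim's
   authoritative servers, which is the point of the attack.
2. New core domain: a registrable domain this resolver has never seen before,
   a candidate for early blocking or closer inspection.
"""
import math
from collections import Counter, defaultdict

# Assumption: a tiny stand-in for the Public Suffix List, enough for the demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au"}

# Constructed resolver query log (not real traffic): "<client> <qname> <qtype>".
SAMPLE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com A
10.0.0.6 www.example.com A
10.0.0.6 shop.example.co.uk A
10.0.0.7 x7k2p9qm.victim.example A
10.0.0.7 q1z4mrtw.victim.example A
10.0.0.7 b8v3n6dy.victim.example A
10.0.0.8 h5s0jwlc.victim.example A
10.0.0.8 r4e9tgx7.victim.example A
10.0.0.8 u2i6ozkf.victim.example A
10.0.0.8 www.victim.example A
10.0.0.9 a1b2c3d4.example.net A
10.0.0.9 cdn.fresh-loader.example A
"""

# Assumption: core domains this resolver has already resolved before today.
KNOWN_CORE_DOMAINS = {"example.com", "example.net", "example.co.uk", "victim.example"}


def core_domain(qname):
    """Registrable ("core") domain: last two labels, or three under a multi-label suffix."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return qname.lower()
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def label_entropy(label):
    """Shannon entropy in bits per character of one DNS label (0.0 for 'www')."""
    n = len(label)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def analyze(log_text, known=KNOWN_CORE_DOMAINS, min_unique=5, min_entropy=2.5):
    """Return (prsd_zones, new_core_domains) for a block of query-log lines.

    prsd_zones maps a zone to the sorted distinct high-entropy labels seen
    under it, only for zones with at least min_unique such labels.
    """
    random_labels = defaultdict(set)  # zone -> distinct high-entropy leftmost labels
    new_core = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        _client, qname, _qtype = parts
        zone = core_domain(qname)
        if zone not in known:
            new_core.add(zone)
        labels = qname.rstrip(".").lower().split(".")
        if ".".join(labels) == zone:
            continue  # apex query, no subdomain label to score
        if label_entropy(labels[0]) >= min_entropy:
            random_labels[zone].add(labels[0])
    prsd = {z: sorted(ls) for z, ls in random_labels.items() if len(ls) >= min_unique}
    return prsd, sorted(new_core)


if __name__ == "__main__":
    zones, fresh = analyze(SAMPLE_LOG)
    for zone, labels in zones.items():
        print(f"PRSD suspect: {zone} ({len(labels)} random labels, e.g. {labels[0]})")
    for domain in fresh:
        print(f"New core domain: {domain}")
```

On the sample log the only zone that crosses the threshold is victim.example (six distinct random labels; the benign www query under it is not counted), and the one new core domain is fresh-loader.example. In production the suffix stand-in would be the real Public Suffix List, the thresholds would be tuned per zone (CDNs and some analytics services legitimately use high-entropy labels), and the PRSD count would normally be kept per source as well, since the flood usually arrives through open resolvers or subscriber CPE rather than directly from the attacker.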
Inside the Mind of a Cybercriminal
The rise of open source malware, IoT-based threats and criminal services-for-hire is fomenting a new era in cybercrime. While global cybercrime is expanding and cybercriminals are stuffing their bank accounts, individuals and businesses (especially SMBs) are directly impacted. Many worry about the safety and security of their online experiences and what communication service providers (CSPs) are doing to protect them.
Digital transformation is about more than how technology advances can improve efficiencies in the collection, processing and distribution of information. Today’s empowered subscribers are demanding more control over their digital experiences, which requires communications service providers (CSPs) to offer innovative services that are simple to use, secure, and that enhance the digital lifestyle. A key part of this transformation is cybersecurity, given the amount of time consumers spend online and the number of online transactions they complete every day. The need for strong protections – both for users and for the networks they use – is particularly acute in the telecom sector.
I recently sat down with Steve Saunders of Light Reading to talk about the role DNS plays in understanding and fighting emerging cyberthreats. In the interview, we went through the highlights of Nominum’s recent Data Science report, in which our Data Science team studied more than 15 trillion queries over a three-month period and reported on the world of cybersecurity through the lens of DNS, uncovering trends in phishing attacks, DDoS, the Mirai botnet, Locky ransomware, IoT-based threats and more.