Saturday,23 November, 2024

Subscribe to Newsletter

HOME
  NEWS
  Knowledge Center
 
News

Securing DNS Infrastructure against Malicious Domains

Published Mar 5, 2017

The constant creation of malicious domains has proved a cat and mouse game for threat researchers and cybercriminals. Across the world, new malicious domains are constantly being created from which cybercriminals can launch attacks against businesses’ Domain Name System (DNS) infrastructure.

During what is known as the ‘planting’ phase, the Infoblox DNS Threat Index, which monitors the creation of such domains, shows a significant increase in the number of malicious domains associated with malware and exploit kits.

In the second ‘harvesting’ phase, the attackers begin to reap the bounty from these newly created malicious domains, launching attacks on organisations’ DNS to exfiltrate data or just to wreak havoc on their victims.

Exploit kit popularity persists

A great amount of this malicious infrastructure is being used in the creation of exploit kits. This particularly disturbing category of malware is part of a growing trend of off-the-shelf, user-friendly cybercrime tools.

These tool-kits-for-hire deliver malware via drive-by download, ultimately providing cybercriminals with an opportunity to wreak great havoc on an organisation with little or no technical knowledge. Indeed, attackers using exploit kits don’t need to understand how they create or deliver the exploit needed to infect a server, and the attack itself is often facilitated by a user-friendly interface featured in the kits itself to help hackers manage and monitor their malware campaign. All of this ultimately serves to lower the technical bar for sowing malware.

It is therefore unsurprising that exploit kits have cemented their place as a popular motive for malicious domain creation.

Angler continues to reign as the most popular exploit kit. Indeed, just recently Perez Hilton, the celebrity gossip website, was hacked, redirecting its visitors to the Angler landing page which in turn exposed users to CryptXXX ransomware.

Achieving its malicious goals

These tool kits generally exploit vulnerabilities or security flaws in operating systems, browsers, and popular software such as Adobe Flash and Java. Then, just as in the Perez Hilton case, users are exposed to the kits (and their payloads) via malvertising and spam on the compromised websites.

When an exploit is successful in delivering its payload onto a victim’s device, it is then able to operate behind the service provider’s or company’s firewall. This malware can then spread across the internal network to other devices, as well as communicating back to its command-and-control (C&C) server, which enables it to download more malicious software or exfiltrate data. Often the organisation’s own DNS is used to facilitate communication between the infected device and its C&C server.

Like all command and control malware, phishing and many other threats, exploit kits use DNS to achieve their ultimate aim, whether that is data exfiltration or mass malware infection. For that reason, it has never been more important for organisations to protect their DNS infrastructure.

Securing DNS infrastructure

While DNS infrastructure is inherently a vulnerable component for organisations, effective internal DNS security solutions can turn it into a great asset for securing an organisation’s networks and data. And this is possible without having to change the existing network architecture.

Using DNS response policy zones (RPZs) on internal DNS, combined with an up-to-date threat intelligence feed of malicious destinations, enables DNS appliance to intercept those DNS queries which are associated with known malware. This effectively prevents the threat from communicating with its external C&C servers to wreak further havoc: preventing both data exfiltration using standard network protocols and malware from breeding in the network.

Furthermore, internal DNS security can identify and prevent data exfiltration using DNS tunnelling techniques by establishing query thresholds. This benchmark then enables the DNS to detect and flag any unusually large queries or responses which may contain packets of data.

With the wealth of intelligence that can be garnered both on the types of threats facing DNS infrastructure and on the malicious domains being created to exploit it, organisations can take effective steps to prevent attack vectors from exploiting this infrastructure. And as the technical bar is lowered for attacks, as with exploit kits, whose popularity will only rise, DNS security will only become ever-more crucial.

Inherently vulnerable, yet with great potential: no organisation should overlook this vital component of network architecture and leave it unprotected. DNS is capable of being an important defence against exploit kits and other attack vectors which rely on it to achieve their criminal aims.



Rate This:

Posted by VMD - [Virtual Marketing Department]


Poll
What is your favourite search engine?
Google
Yahoo
Bing

Most Viewed
  Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

  Credence Security to Address Growing Market for GRC Solutions in Middle East Through Partnership with Rsam

  New Mimecast Archive Cloud Capability Streamlines GDPR Management for Email

  Planning and Scheduling Software–Helping Manufacturers Keep Their Customers Happy

  Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains

  Fujitsu Launches High-Security Biometric Authentication Solution for Active Directory IT Environments

  Rackspace Wins 2017 Red Hat Innovator of the Year Award

  ServiceNow Survey Shows 2018 as the Year of Automation for Routine Enterprise Work

  4 Tech Hacks to Faster Customer Onboarding

  New Mimecast Report Detects 400% Increase in Impersonation Attacks