Top DNS Threats and How to Deal with Them


Botnets and Advanced Persistent Threats

Botnets and advanced persistent threats (APTs) both use DNS to contact their command and control infrastructure. They may use sophisticated techniques such as domain generation algorithms or fast flux domains to hide that infrastructure and make it resistant to takedown by security companies or law-enforcement agencies.

Organizations should use defense-in-depth techniques to identify and mitigate bots and APTs in their network. This can involve using threat intelligence feeds from multiple sources, deployed at multiple points in the network (IDS, DNS firewall, web filter), as well as deploying security software that detects likely command and control traffic in protocols such as DNS and HTTP, and looking for anomalous patterns in network and application traffic that could indicate infection.
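The kind of DNS anomaly detection described above, as an added example (not from the slideshow or from Cloudmark): a pass over resolver logs that flags clients with bursts of NXDOMAIN answers for high-entropy names, a pattern typical of domain generation algorithms, and domains that answer with short TTLs and many distinct addresses, a pattern typical of fast flux. The log record layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log records: (client, qname, rcode, ttl, answer IPs).
# Names and addresses use reserved documentation ranges.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR", 3600, ["192.0.2.10"]),
    ("10.0.0.5", "intranet.example.net", "NXDOMAIN", 0, []),
    ("10.0.0.7", "qzxvkjwptrmb.example", "NXDOMAIN", 0, []),
    ("10.0.0.7", "hgfdnblqwzxy.example", "NXDOMAIN", 0, []),
    ("10.0.0.7", "mvcxlkjhgfds.example", "NXDOMAIN", 0, []),
    ("10.0.0.7", "pqowieurytla.example", "NXDOMAIN", 0, []),
    ("10.0.0.9", "api.example.net", "NOERROR", 60, ["198.51.100.1", "198.51.100.2"]),
    ("10.0.0.9", "flux.example.org", "NOERROR", 60, ["203.0.113.1", "203.0.113.2", "203.0.113.3"]),
    ("10.0.0.9", "flux.example.org", "NOERROR", 60, ["203.0.113.4", "203.0.113.5", "203.0.113.3"]),
]

def entropy(label):
    """Shannon entropy in bits per character of a DNS label."""
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def dga_suspects(log, min_nx=4, min_entropy=3.0):
    """Clients with NXDOMAIN answers for many distinct high-entropy names."""
    nx = defaultdict(set)
    for client, qname, rcode, _ttl, _ips in log:
        # Score only the leftmost label; thresholds are assumed starting points.
        if rcode == "NXDOMAIN" and entropy(qname.split(".")[0]) >= min_entropy:
            nx[client].add(qname)
    return {c: sorted(names) for c, names in nx.items() if len(names) >= min_nx}

def fast_flux_suspects(log, max_ttl=300, min_ips=5):
    """Domains seen with short TTLs and many distinct addresses across answers."""
    seen = defaultdict(set)
    for _client, qname, rcode, ttl, answers in log:
        if rcode == "NOERROR" and ttl <= max_ttl:
            seen[qname].update(answers)
    # Value is the number of distinct addresses observed for the domain.
    return {d: len(ips) for d, ips in seen.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    print("DGA-like clients:", dga_suspects(SAMPLE_LOG))
    print("Fast-flux-like domains:", fast_flux_suspects(SAMPLE_LOG))
```

Legitimate content delivery networks also return short TTLs and rotating addresses, so hits from the second check need an allowlist or correlation with threat intelligence before they are acted on.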

The domain name system (DNS) is a critical component of the Internet, translating domain names such as www.itbusinessedge.com into Internet protocol (IP) addresses. However, since most standard security measures do not block DNS traffic, cyber criminals are able to infiltrate networks and gain access to proprietary data. In addition to launching attacks, cyber criminals can also exploit an organization's DNS infrastructure to cause outages.

In a survey conducted by Vanson Bourne, 66 percent of U.S. respondents reported that their organization suffered a DNS attack within the last 12 months. Even more troubling, respondents indicated that the attack resulted in loss of Internet service (63 percent), an increase in customer complaints (42 percent) and the loss of confidential customer information (33 percent).

Over the past year, some of the world's most highly trafficked media and social networking sites have been disrupted by DNS attacks, with hackers seizing control of their websites by changing information in the organizations' DNS databases. Recently, websites for both Lenovo and Google were victims of "domain hijacking." During the attack, visitors to Google's Vietnamese site were redirected to another site. Visitors to Lenovo's site were maliciously redirected to a defaced site controlled by the well-known hacker group Lizard Squad.

In this slideshow, Cloudmark CTO Neil Cook shares five of the top DNS threats, their potential impact on organizations, and best practices for identifying and preventing such attacks.

 
