According to CISA, more than 90% of successful cyber-attacks start with a link or webpage designed by bad actors to trick users into revealing their passwords or other sensitive information. DNS infrastructure and communications fit the criminal mode of operation perfectly.
The first element DNS offers to cybercriminals is anonymity, enabling them to set up a nefarious infrastructure including the content bait, malicious payload, and victim data-capturing backend while staying unidentifiable.
The second advantage adversaries find in DNS is the ability to target victims intentionally. By combining multiple DNS servers, adversaries can use domain names to lure and redirect traffic to the right malicious content based on the victim’s environment.
Most importantly, hiding commands in the DNS response lets command-and-control (C2) communication stay undetected by many security tools, allowing the adversary to continue the attack.
DNS is a Swiss Army knife for any actor and supports a broad spectrum of intrusion techniques, such as social engineering, credential theft, unauthorized remote access, or data leakage.
Infoblox has discovered multiple cases of DNS weaponization, including sophisticated campaigns that use techniques such as fake SMS messages to trick users into entering personal information for supposed high-return investments.
In another discovery, Infoblox found an advanced technology suite connected to Chinese organized crime, money laundering, and human trafficking that uses DNS configurations, website hosting, payment mechanisms, and more. The brands exploit residents in China and victims worldwide, tapping into the $1.7 trillion illegal gambling economy.
Common to all these adversarial tactics is that the cybercriminal first carefully creates the domain and malicious site, sometimes months to a year in advance of the attack.
Infoblox generates threat intelligence to proactively stop these attacks and efficiently protect businesses from costly incidents.
DNS can give the attacker an advantage by deceiving victims and automatically providing a malicious link. To learn more about how to protect brand and consumer trust using Infoblox threat intelligence, go to https://www.infoblox.com/threat-intel/