No one attack campaign is behind the spike in malicious domains, but popular and pervasive exploit kits such as Angler are a big piece of the puzzle, he says. “The backend stuff is being done by domains,” he says.
DNS, which converts domain names into machine-readable IP addresses, has become a popular vehicle for the bad guys to use in the distribution of their malware, the theft of information, and distributed denial-of-service attacks.
The DNS Threat Index has been on the rise for three quarters straight. “This could indicate cybercriminals are expanding the infrastructure to leverage targeted attacks for spreading malware and/or exfiltrating data,” the Infoblox report said.
Internet pioneer and DNS expert Paul Vixie says there are ways to slow and possibly trip up DNS abuse. He has proposed a “cooling-off period” for DNS providers to activate new domains, an approach that would help minimize domain abuse. A new generation of inexpensive and quick startup domain names has made it easier for bad guys to set up shop in the DNS infrastructure, according to Vixie.
Verisign, hot on the heels of last week’s OpenDNS acquisition by Cisco, has just launched its own DNS firewall service offering many of the same features as its counterpart (emphasis added):
Verisign’s DNS Firewall leverages real-time feeds from multiple sources to enhance overall threat protection, including its own iDefense Security Intelligence Service feeds for country-specific and regional threats.
The platform also utilizes a botnet detection algorithm feed that predicts a variety of potential threats and enhances a customer’s ability to protect from threats through the addition of threat indicator feeds from various third party sources.
Additionally, the service includes out-of-the-box content filters, including the ability to define customized white and black lists.
By monitoring DNS requests, the service can help customers identify affected devices inside enterprise networks, including mobile devices, and deploying the DNS firewall requires an update of the recursive DNS settings.
Seems like a good service positioned for small and medium sized businesses, or organizations with little to no cyber security expertise.
Armin Rosen of Business Insider on Air Force veteran Doug Madory, an internet specialist at Dyn who watches cyber attack campaigns unfold in real time:
Madory can watch those transactions unfold in real time, and build a picture of global web traffic that shows which countries are most vulnerable to cyberattacks[sic], or which autocratic governments might be curtailing web use, or which private- or public-sector providers have the ability to choke off web activity.
Madory’s work stands at a critical intersection of international politics and internet policy — and it draws on his background as a former Air Force officer.
Dann Albright of MakeUseOf explains how DNS leaks can destroy anonymity when using a VPN, how to diagnose such leaks, and what you can do to prevent DNS leaks:
Usually, DNS servers are assigned by your internet service provider (ISP), which means that they can monitor and record your online activities whenever you send a request to the server. When you use a virtual private network (VPN), the DNS request should be directed to an anonymous DNS server through your VPN, and not directly from your browser; this keeps your ISP from monitoring your connection.
Unfortunately, sometimes your browser will just ignore that you have a VPN set up and will send the DNS request straight to your ISP. That’s called a DNS leak. This can lead you to think that you’ve stayed anonymous and that you’re safe from online surveillance, but you won’t be protected.
Obviously this is not good. So let’s take a look at diagnosing and stopping it.