DNSFilter Seeing Increased Malicious Activity

Over the last week, DNSFilter has seen an increase in phishing attempts. In addition, we’re keeping an eye on a lot of cyber attacks that are getting reported including advanced phishing attacks, PTO phishing attacks, pig butchering and the targeted attacks on critical infrastructure.

Being a highly customizable product, administrators create policies to ensure they are in line with your organization's or clients’ needs. We encourage our customers to regularly review configured policies within DNSFilter as your needs change and as we add new options.

In order to help improve the overall security of your organization, we wanted to highlight some policy options that may not be as well known.

Let’s start with some options to block newly seen domains by DNSFilter:

  • New Domains - Domains which have been registered in the last 30 days and which have a high probability of serving malicious resources
  • Very New Domains - Domains which have been registered in the last 24 hours which have a high probability of serving malicious resources.

*Note: For a domain to be categorized as New or Very New, it needs to be seen (resolved) by DNSFilter first. 

One additional option to further increase protection for newly registered domains but not yet seen (resolved) by DNSFilter is under the Extra Settings section:

  • Block Uncategorized Sites - This setting controls whether or not to block domains that the system has not classified (including newly-registered domains). It is off by default because many Content Servers and Content Distribution Networks (CDNs) are served from domains that have no web content to scan but are important to end user experience (Office Online documents, Dropbox uploads etc)

*Note: Because the Block Uncategorized Sites category can impact the user experience, we recommend turning it on individually after a policy is applied and monitoring results.

Another option that may be helpful for any resolved domain is blocking parked domains:

  • Parked Sites & Domains - These are sites which are not displaying legitimate content, but instead are showing "Parked" pages with common search terms, "Under Construction" messages, or a list of advertisements. In some cases, these may be newly registered domains. This setting is off by default.

Lastly, with Google introducing new top-level domains, attacks are already being seen on these new domains. DNSFilter can block TLDs simply by entering the TLD (without a ‘.’) in the Block List. For example, to block the entire “.zip” TLD, you would enter “zip” in the Block List.

To summarize some suggested policy configurations:

 
Baseline Threat Protection Advanced Threat Protection
 Botnet Botnet
 Cryptomining Cryptomining
 Malware Malware
 Very New Domains New Domains
 Phishing & Deception Phishing & Deception
 Proxy & Filter Avoidance Proxy & Filter Avoidance
  Translation Sites
  Extra Settings: Block Uncategorized Sites
  Extra Settings: Parked Sites and Domains

*Note: For Advanced Protection, turn on the categories under Extra Settings individually after applying baseline protection. Watch for tickets generated from users as well as our Query Log to decide if they should remain on. Security is always a balance between protection and usability. Your users need to have enough access to get their work done, in an environment that restricts them from accessing harmful content.

Lastly, no security vendor can guarantee 100% protection, so we encourage organizations to use a layered approach for security which includes security awareness training.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Enhancing Security for In-Store Wi-Fi: How to make convenience safe for all Enhancing Security for In-Store Wi-Fi: How to make convenience safe for all

As demand grows for constant connectivity to the digital world, offering free Wi-Fi has become as essential for restaurants and retail stores as providing quality products and exceptional service. Customers increasingly expect to stay connected wherever they go, and the availability of Wi-Fi in restaurants, shopping malls, and retail outlets significantly influences their choice of where to dine and shop. For businesses, providing in-store Wi-Fi ...

Green IT & Sustainability Green IT & Sustainability

"Green IT" isn't just a buzzword; it's a transformative approach reshaping how we manage technology. As IT professionals, embracing Green IT means integrating sustainability into every facet of technology management. This isn't merely about being eco-friendly; it's about crafting IT environments that are both cost-efficient and future-proof.

How AppAware Protects Kids from Predator Dangers on Roblox How AppAware Protects Kids from Predator Dangers on Roblox

Roblox, one of the world’s largest online platforms for children, has recently been making headlines—and not for the right reasons. While it's a playground for millions of kids, it's also become a target for online predators. A recentBloomberg article revealed disturbing details about predators exploiting Roblox’s ecosystem, raising urgent concerns about the platform’s safety.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.