DNSFilter Seeing Increased Malicious Activity

Over the last week, DNSFilter has seen an increase in phishing attempts. In addition, we’re keeping an eye on a lot of cyber attacks that are getting reported including advanced phishing attacks, PTO phishing attacks, pig butchering and the targeted attacks on critical infrastructure.

Being a highly customizable product, administrators create policies to ensure they are in line with your organization's or clients’ needs. We encourage our customers to regularly review configured policies within DNSFilter as your needs change and as we add new options.

In order to help improve the overall security of your organization, we wanted to highlight some policy options that may not be as well known.

Let’s start with some options to block newly seen domains by DNSFilter:

  • New Domains - Domains which have been registered in the last 30 days and which have a high probability of serving malicious resources
  • Very New Domains - Domains which have been registered in the last 24 hours which have a high probability of serving malicious resources.

*Note: For a domain to be categorized as New or Very New, it needs to be seen (resolved) by DNSFilter first. 

One additional option to further increase protection for newly registered domains but not yet seen (resolved) by DNSFilter is under the Extra Settings section:

  • Block Uncategorized Sites - This setting controls whether or not to block domains that the system has not classified (including newly-registered domains). It is off by default because many Content Servers and Content Distribution Networks (CDNs) are served from domains that have no web content to scan but are important to end user experience (Office Online documents, Dropbox uploads etc)

*Note: Because the Block Uncategorized Sites category can impact the user experience, we recommend turning it on individually after a policy is applied and monitoring results.

Another option that may be helpful for any resolved domain is blocking parked domains:

  • Parked Sites & Domains - These are sites which are not displaying legitimate content, but instead are showing "Parked" pages with common search terms, "Under Construction" messages, or a list of advertisements. In some cases, these may be newly registered domains. This setting is off by default.

Lastly, with Google introducing new top-level domains, attacks are already being seen on these new domains. DNSFilter can block TLDs simply by entering the TLD (without a ‘.’) in the Block List. For example, to block the entire “.zip” TLD, you would enter “zip” in the Block List.

To summarize some suggested policy configurations:

Baseline Threat Protection Advanced Threat Protection
 Botnet Botnet
 Cryptomining Cryptomining
 Malware Malware
 Very New Domains New Domains
 Phishing & Deception Phishing & Deception
 Proxy & Filter Avoidance Proxy & Filter Avoidance
  Translation Sites
  Extra Settings: Block Uncategorized Sites
  Extra Settings: Parked Sites and Domains

*Note: For Advanced Protection, turn on the categories under Extra Settings individually after applying baseline protection. Watch for tickets generated from users as well as our Query Log to decide if they should remain on. Security is always a balance between protection and usability. Your users need to have enough access to get their work done, in an environment that restricts them from accessing harmful content.

Lastly, no security vendor can guarantee 100% protection, so we encourage organizations to use a layered approach for security which includes security awareness training.

  • There are no suggestions because the search field is empty.
Latest posts

The shift from in-office to remote work happened (quite literally) overnight. Work from home was forced onto many during the onset of the COVID pandemic, and it was astonishing how quickly people and organizations alike adapted to this new work style.

Moving Beyond Traditional Network-Based Security Moving Beyond Traditional Network-Based Security

Zero Trust Network Access (ZTNA) is a cybersecurity paradigm that is rapidly gaining popularity among IT professionals. At its core, ZTNA is about moving away from the traditional network-based security perimeter approach and instead focusing on the users, assets, and resources that make up a system. 

DNSFilter Achieves SOC 2 Type II Compliance DNSFilter Achieves SOC 2 Type II Compliance

When DNSFilter was founded in 2015, we had a vision to build a product that would keep people and businesses safe and secure while they were using the internet. As a part of that vision, we have also worked diligently to ensure our growing organization maintains a high level of information security.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.