DNSFilter Seeing Increased Malicious Activity

Over the last week, DNSFilter has seen an increase in phishing attempts. In addition, we’re keeping an eye on a lot of cyber attacks that are getting reported including advanced phishing attacks, PTO phishing attacks, pig butchering and the targeted attacks on critical infrastructure.

Being a highly customizable product, administrators create policies to ensure they are in line with your organization's or clients’ needs. We encourage our customers to regularly review configured policies within DNSFilter as your needs change and as we add new options.

In order to help improve the overall security of your organization, we wanted to highlight some policy options that may not be as well known.

Let’s start with some options to block newly seen domains by DNSFilter:

  • New Domains - Domains which have been registered in the last 30 days and which have a high probability of serving malicious resources
  • Very New Domains - Domains which have been registered in the last 24 hours which have a high probability of serving malicious resources.

*Note: For a domain to be categorized as New or Very New, it needs to be seen (resolved) by DNSFilter first. 

One additional option to further increase protection for newly registered domains but not yet seen (resolved) by DNSFilter is under the Extra Settings section:

  • Block Uncategorized Sites - This setting controls whether or not to block domains that the system has not classified (including newly-registered domains). It is off by default because many Content Servers and Content Distribution Networks (CDNs) are served from domains that have no web content to scan but are important to end user experience (Office Online documents, Dropbox uploads etc)

*Note: Because the Block Uncategorized Sites category can impact the user experience, we recommend turning it on individually after a policy is applied and monitoring results.

Another option that may be helpful for any resolved domain is blocking parked domains:

  • Parked Sites & Domains - These are sites which are not displaying legitimate content, but instead are showing "Parked" pages with common search terms, "Under Construction" messages, or a list of advertisements. In some cases, these may be newly registered domains. This setting is off by default.

Lastly, with Google introducing new top-level domains, attacks are already being seen on these new domains. DNSFilter can block TLDs simply by entering the TLD (without a ‘.’) in the Block List. For example, to block the entire “.zip” TLD, you would enter “zip” in the Block List.

To summarize some suggested policy configurations:

 
Baseline Threat Protection Advanced Threat Protection
 Botnet Botnet
 Cryptomining Cryptomining
 Malware Malware
 Very New Domains New Domains
 Phishing & Deception Phishing & Deception
 Proxy & Filter Avoidance Proxy & Filter Avoidance
  Translation Sites
  Extra Settings: Block Uncategorized Sites
  Extra Settings: Parked Sites and Domains

*Note: For Advanced Protection, turn on the categories under Extra Settings individually after applying baseline protection. Watch for tickets generated from users as well as our Query Log to decide if they should remain on. Security is always a balance between protection and usability. Your users need to have enough access to get their work done, in an environment that restricts them from accessing harmful content.

Lastly, no security vendor can guarantee 100% protection, so we encourage organizations to use a layered approach for security which includes security awareness training.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Traversing the World of AI with Judy Security Traversing the World of AI with Judy Security

Raffaele Mautone, CEO of Judy Security, recently joined us for an interview session around the increasing presence of AI in cybersecurity. This insightful Q&A session sheds light on how AI is integrated into Judy Security's operations. Raffaele also touches on the broader implications of AI for the future, making a compelling case for its strategic use in both day-to-day operations and long-term security strategies.

Exploring the Security of Free Public Wi-Fi with eero Exploring the Security of Free Public Wi-Fi with eero

There is no doubt that Wi-Fi has become an essential part of our daily lives, enabling us to stay connected whether we're at home, at work, or on the go. However, the convenience of wireless networks comes with significant security risks that can compromise personal and sensitive information. 

Revving Up the Fun: DNSFilter's IndyCar Experience Recap —Laguna Seca Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap —Laguna Seca Edition

Another exciting race weekend with Juncos Hollinger Racing and Romain Grosjean has come to a close! We co-hosted the IndyCar race at Laguna Seca road course with our pals at Pax8, our logos alongside each other on Grosjean’s No. 77 car. Clearly this teamwork paid off, with Romain finishing the race in his team-best position!

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.