DNSFilter Seeing Increased Malicious Activity

Over the last week, DNSFilter has seen an increase in phishing attempts. In addition, we’re keeping an eye on a lot of cyber attacks that are getting reported including advanced phishing attacks, PTO phishing attacks, pig butchering and the targeted attacks on critical infrastructure.

Being a highly customizable product, administrators create policies to ensure they are in line with your organization's or clients’ needs. We encourage our customers to regularly review configured policies within DNSFilter as your needs change and as we add new options.

In order to help improve the overall security of your organization, we wanted to highlight some policy options that may not be as well known.

Let’s start with some options to block newly seen domains by DNSFilter:

  • New Domains - Domains which have been registered in the last 30 days and which have a high probability of serving malicious resources
  • Very New Domains - Domains which have been registered in the last 24 hours which have a high probability of serving malicious resources.

*Note: For a domain to be categorized as New or Very New, it needs to be seen (resolved) by DNSFilter first. 

One additional option to further increase protection for newly registered domains but not yet seen (resolved) by DNSFilter is under the Extra Settings section:

  • Block Uncategorized Sites - This setting controls whether or not to block domains that the system has not classified (including newly-registered domains). It is off by default because many Content Servers and Content Distribution Networks (CDNs) are served from domains that have no web content to scan but are important to end user experience (Office Online documents, Dropbox uploads etc)

*Note: Because the Block Uncategorized Sites category can impact the user experience, we recommend turning it on individually after a policy is applied and monitoring results.

Another option that may be helpful for any resolved domain is blocking parked domains:

  • Parked Sites & Domains - These are sites which are not displaying legitimate content, but instead are showing "Parked" pages with common search terms, "Under Construction" messages, or a list of advertisements. In some cases, these may be newly registered domains. This setting is off by default.

Lastly, with Google introducing new top-level domains, attacks are already being seen on these new domains. DNSFilter can block TLDs simply by entering the TLD (without a ‘.’) in the Block List. For example, to block the entire “.zip” TLD, you would enter “zip” in the Block List.

To summarize some suggested policy configurations:

 
Baseline Threat Protection Advanced Threat Protection
 Botnet Botnet
 Cryptomining Cryptomining
 Malware Malware
 Very New Domains New Domains
 Phishing & Deception Phishing & Deception
 Proxy & Filter Avoidance Proxy & Filter Avoidance
  Translation Sites
  Extra Settings: Block Uncategorized Sites
  Extra Settings: Parked Sites and Domains

*Note: For Advanced Protection, turn on the categories under Extra Settings individually after applying baseline protection. Watch for tickets generated from users as well as our Query Log to decide if they should remain on. Security is always a balance between protection and usability. Your users need to have enough access to get their work done, in an environment that restricts them from accessing harmful content.

Lastly, no security vendor can guarantee 100% protection, so we encourage organizations to use a layered approach for security which includes security awareness training.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Securing Public Wireless Networks Securing Public Wireless Networks

In the current era of digital transformation, securing public wireless networks has emerged as a fundamental challenge for IT professionals worldwide. The evolution of technology and the increasing reliance on digital platforms for both business and personal use have made public Wi-Fi networks indispensable. However, greater access creates greater vulnerabilities, making these networks prime targets for cybercriminals. The imperative to secure pu...

How to Secure Public Wi-Fi Networks How to Secure Public Wi-Fi Networks

In the quest to safeguard public Wi-Fi networks from the myriad of cyber threats, certain proactive steps stand out as fundamental. These measures form the backbone of a comprehensive security strategy, ensuring that the network remains robust against unauthorized access, data breaches, and various forms of cyberattacks.

What is Secure Web Gateway: What It Does, Benefits, and More What is Secure Web Gateway: What It Does, Benefits, and More

In today's world of ever-increasing cyber threats, organizations need strong defenses to protect their networks and data and in this complex digital ecosystem, we need more than just one line of defense.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.