THREAT PROTECTION

DNS poisoning. DNS cache poisoning. DNS spoofing. Many names for the same thing: A way for threat actors to insert false DNS records to route traffic intended for a legitimate domain to a fake one. It's called “poisoning” because the false entry (the poison) is injected into the system at a single point and can spread throughout the system, affecting other points. This results in the end user attempting to access a usually safe site, like twitter.com, and getting redirected to the spoofed version. Often, you're taken to a login page where you're asked to submit credentials. In this scenario, you're giving away your Twitter account to the attacker. Once the attacker harvests your login credentials, they redirect you to the original Twitter website to continue your session.

Unfortunately, a good DNS poisoning attack will go completely unnoticed to the end user. There will be no visible differences between a real Twitter login page and the spoofed one. This allows the attacker to take advantage of the user’s ignorance to steal sensitive information. Another way a DNS poisoning attack can appear to an end user is when the domain refuses to load. This is done by attackers to frustrate the users of a service or cause harm to the business of that service. The attacker can substitute the IP address of the original domain with one that is not publicly accessible or simply spoof a “Not Found” page. Governments like China have also been known to spoof domains on their global block lists. In most of these cases, the end-user will likely never know they were the victim of DNS cache poisoning.

There are multiple actions you can take to prevent DNS poisoning. - Implement DNSSEC: DNSFilter fully supports DNSSEC, but proper configuration is key.

- Disable Dynamic DNS: While not everyone is able to disable Dynamic DNS because of their ISP, disabling it or never implementing it is another way to mitigate DNS poisoning.

- Encrypt DNS data: We support both DNS-over-HTTPS and DNS-over-TLS. And of course, you should run regular system updates to ensure you have no newly detected vulnerabilities.

“Malware” is short for “malicious software” meant to harm or exploit a service, network, or device usually for financial gain. These malicious attacks can be used to exfiltrate data that can then be sold on the darkweb, to hold the data ransom (as in ransomware attacks), or in outright destruction of valuable data.‍

Ransomware, malvertising, worms, spyware, viruses, trojans—malware is a broad term that includes all of these threat types and more.

Because of the wide range of possible malware attacks, downtime, and costs can vary dramatically. However, according to Accenture, the average cost of a malware attack on a company is $2.6 million.

Malware can spread through a variety of avenues. One of the most effective ways of deploying malware is to host it as a forced download on a website domain and promote it through a phishing or social engineering attack. Standing up malicious URLs is an incredibly easy and effective way to spread malware. The threat actors usually take advantage of existing sites and hack them to host their malware.

Once someone unknowingly downloads any type of malware, it will usually “callback” to a host server for further instructions. It does this via DNS; these “callback” signals can be blocked if DNS security is in place. The instructions the malware receives will depend on what type of malware it is: Ransomware, spyware, adware, virus, etc.

Sometimes the malware will act immediately to make itself known, while other times it might stay on your device or network and quietly gather data for a long period of time.

All organizations need to be prepared for a malware attack. Robust backups, application layer encryption, training, anti-virus, password managers, and multi-factor authentication will all aid you in the fight against malware. But one of the best ways to combat a malware attack is to block threats at the DNS layer.

DNS security not only blocks domains hosting malware, but will also stop “callbacks” from malware to host servers. This disables the ability for malicious software to be deployed and take over your computer in the event a malware package is deployed on your computer.

Take a zero-trust approach to cybersecurity, and put your company in a position to minimize the possibility of intrusion. When DNS protection is in place, it can mitigate 33% of all data breaches. It’s a lightweight but powerful layer that will keep you and your employees safe.

Traditional ransomware is a type of malware that renders a device (or files and applications on that device) unusable unless the owner pays a ransom to hackers. The device owners are then in the difficult position of either choosing to pay the ransom in exchange for a decryption key (without a clear guarantee they will receive the decryption key) or revert systems to backups and avoid paying the ransom altogether. ‍

However, in some cases, backups may be impacted, or companies may not have robust enough backups to restore all of their systems.

Getting fully back online after a ransomware attack can take days or even months. In the midst of a ransomware attack, as the organization decides between paying the ransom or rebuilding its systems, many companies need to rely on paper files. Hospitals and government agencies are particularly vulnerable to ransomware attacks, impacting critical systems that may directly result in fatalities.

One major way ransomware is spread is through malicious URLs. These URLs can be shared in emails, SMS text messages, on chat forums like Discord or Slack—even in advertising campaigns on reputable websites.
‍
These websites can host drive-by-downloads where just visiting a site force-downloads malicious software onto your computer that will initiate a ransomware attack.
‍
Phishing campaigns and social engineering are also responsible for spreading ransomware. Fake social media accounts or too-good-to-be-true deals will often point users to malicious URLs, forcing malware downloads. Phishing emails are responsible for 54% of ransomware infections.
‍
Another way ransomware can spread is through malicious attachments, which sometimes will trigger a DNS request.

It’s important that every organization be prepared for a ransomware attack. Robust backups, application layer encryption, training, anti-virus, password managers, and multi-factor authentication will all aid you in the fight against ransomware. But one of the best ways to combat a ransomware attack is to block threats at the DNS layer.

DNS security not only blocks domains hosting ransomware, but will also stop “callbacks” from malware to host servers. This disables the ability for ransomware to be deployed and take over your computer in the event a ransomware package is deployed on your computer.

‍

Take a zero-trust approach to cybersecurity, and put your company in a position to minimize the possibility of intrusion. When DNS protection is in place, it can mitigate 33% of all data breaches. It’s a lightweight but powerful layer that will keep you and your employees safe.

Threat actors use typosquatting because they're relying on internet users to make mistakes. You'll mistype a domain name and find yourself on a site that looks like the one you wanted to land on anyway. If you looked closely at the URL you entered, you'd likely realize the mistake. But the goal here is to look identical to the original site it is mimicking. Typosquatting domains are traditionally used in phishing attacks. Amazon, Microsoft, and banking sites are popular victims of typosquatted phishing domains because they can direct users to login pages they're familiar with and steal their valuable credentials. Other uses for typosquatting include spreading malware. By using a familiar domain name (often swapping the TLD .com for .info or .top), they can bypass advertiser restrictions and trick end users. These ads often lead to malware, also known as malvertising. Typosquatting domains may also be used to sell knockoff brands (like Addidas). The possibilities for these copy cat domains are nearly endless, and hackers are using the ability to capitalize on typos to their advantage.

Phishing is one of the most common tactics used by hackers to gain access to data. And typosquatting plays an important role in phishing. Large organizations are often targeted with spear phishing campaigns that are personalized for the company’s security team. Threat actors will register domains similar to technology used by those companies, or similar in name to the company itself. Depending on the attack, it might come from m1cr0soft[dot]com (similar to a vendor you might use) or company-name-here[dot]info (a copycat version of your own domain name). Phishing attacks have moved from targeting individuals to going after organizations. That's part of why typosquatting has become important to phishers: They're targeting professionals with some cybersecurity awareness. They need to do everything they can to go undetected. While large companies with resources are a lucrative target, 1 in 4 data breaches in the US in 2020 involved a small company. Every organization, no matter its size, is at risk.

New domains are the biggest threats when it comes to phishing and typosquatting attacks.
‍
With DNS Security, typosquatting domains can be blocked by filtering out malicious websites that have never even been seen before.
‍
Every new link you encounter in the course of the day has the possibility of being a phishing website or other malicious site—especially sites that have only been registered in the last 30 days. You can protect your company and your employees by implementing PDNS and blocking new and uncategorized domains, in addition to known phishing sites.
‍
Take a zero-trust approach to cybersecurity, and put your company in a position to minimize the possibility of intrusion. When DNS protection is in place, it can mitigate 33% of all data breaches. It’s a lightweight but powerful layer that will keep your entire organization safe.