flynas relaunches loyalty program 'nasmiles' with new incentives    HRH Crown Prince Congratulates King of Jordan on Independence Day    Saudi Ministry of Justice Launches Indicator for Financial Flow of Enforcement Applications on portal    China Stocks Gain on Economic Support Vows    942 environmental violations detected since April    Human Resources Ministry to employ 18,000 occupational health professionals    Deputy UN chief praises resilience of Bali students in face of disaster threats    North Korea fires missiles hours after Biden leaves Asia    Trump's man trounced in key Georgia primary    FBI foiled terror plot to kill George W Bush    Indians are getting fatter – and it's a big problem    Flying reptile: Remains of scary prehistoric creature discovered    Premier League approves Chelsea sale to Boehly consortium    Al-Jadaan: Saudi Arabia will 'ultimately' consider cutting VAT    Prince Fahd lauds remarkable achievements of Tabuk University    Prince Abdulaziz congratulates Al-Shaibani on scaling Mount Everest    GCC Secretary-General Meets with Minister of State for Foreign Affairs of Bangladesh at Davos Forum    Saudi Physics Team Wins 3 Global Awards in 2022 European Olympiad    SAMA governor, CMA chairman thank Saudi leadership for approving FinTech strategy    NDMC Closes the May 2022 Issuance under Saudi Arabian Government SAR-denominated Sukuk Program    Women's green futsal team wins bronze in Gulf Games    KSrelief Participates in High-Level Regional Meeting on Youth    SFDA Warns against Jif Peanut Butter Products    Saudi Stock Exchange Main Index Ends Trading Higher at 12,300.86 Points    DCO, WEF launch initiative to boost global digital FDI flows    Saudi Press: Saudi Arabia Exerts Exceptional Efforts to Achieve Security and Stability in Yemen    Saudi Deputy Defense Minister visits US Central Command headquarters    In a Report to SPA .. SDAIA: Autonomous Vehicles Will Be Commercially Available in World by 2030, Will Account for 50% of Sales after 2045    How Syrian singer Rasha Rizk dazzled millennials at Jeddah Season?    Shoura members propose equal blood money for men and women, Muslim and non-Muslim    British Investors Express Interest in Investing in Saudi Arabia's Food, Drug Market    Ithra Participates in Cannes Film Festival with New Films to Support Saudi Talents    Exclusive launching of Michael Schumacher Digital Experience at Jeddah F1 Grand Prix    Mbappé signs new 3-year PSG deal after rejecting Real Madrid    Saudi Aramco: London Championship to Witness Participation of World's Best Female Golfers    Saudi Arabia Heads to Cannes International Film Festival to Promote Country's Flourishing Industry and Support Emerging Talent on World Stage    President of SAFF Participates in AFC General Assembly Meeting    Saudi Athletes Achieve Great Victories in the 2nd Day of the GCC Games Tournament in Kuwait    Jazan Hosts West Asian Beach Soccer Championship    Bollywood actor's tweet reignited debate over Hindi as India's national language    SFDA Advises to Wash Dates Well Before Eating    SFDA Advises Against Mixing Surplus of Iftar and Suhoor with Different Foods or Surplus from Other Days    Ministry calls on imams to avoid long supplications in Tahajjud Prayer    Nothing wrong with a Muslim celebrating birthdays, says Saudi scholar    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    Pilgrims Perform Dhuhr and Asr Prayers at Arafat Holy Site    Council of Senior Scholars: Muslim Brothers' Group Don't Represent Method of Islam, rather only Follows its Partisan Objectives, Violating our Graceful Religion    Eid Al-Adha Prayer Performed at the Grand Holy Mosque    

Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.

Secure DNS infrastructure against malicious domains
Published in The Saudi Gazette on 06 - 03 - 2017

By Ashraf Sheet, Regional Director MEA at Infoblox
DUBAI — The constant creation of malicious domains has proved a cat and mouse game for threat researchers and cybercriminals. Across the world, new malicious domains are constantly being created from which cybercriminals can launch attacks against businesses' Domain Name System (DNS) infrastructure.
During what is known as the ‘planting' phase, the Infoblox DNS Threat Index, which monitors the creation of such domains, shows a significant increase in the number of malicious domains associated with malware and exploit kits.
In the second ‘harvesting' phase, the attackers begin to reap the bounty from these newly created malicious domains, launching attacks on organizations' DNS to exfiltrate data or just to wreak havoc on their victims.
A great amount of this malicious infrastructure is being used in the creation of exploit kits. This particularly disturbing category of malware is part of a growing trend of off-the-shelf, user-friendly cybercrime tools.
These tool-kits-for-hire deliver malware via drive-by download, ultimately providing cybercriminals with an opportunity to wreak great havoc on an organization with little or no technical knowledge. Indeed, attackers using exploit kits don't need to understand how they create or deliver the exploit needed to infect a server, and the attack itself is often facilitated by a user-friendly interface featured in the kits itself to help hackers manage and monitor their malware campaign. All of this ultimately serves to lower the technical bar for sowing malware.
It is therefore unsurprising that exploit kits have cemented their place as a popular motive for malicious domain creation.
Angler continues to reign as the most popular exploit kit. Indeed, just recently Perez Hilton, the celebrity gossip website, was hacked, redirecting its visitors to the Angler landing page which in turn exposed users to CryptXXX ransomware.
These tool kits generally exploit vulnerabilities or security flaws in operating systems, browsers, and popular software such as Adobe Flash and Java. Then, just as in the Perez Hilton case, users are exposed to the kits (and their payloads) via malvertizing and spam on the compromised websites.
When an exploit is successful in delivering its payload onto a victim's device, it is then able to operate behind the service provider's or company's firewall. This malware can then spread across the internal network to other devices, as well as communicating back to its command-and-control (C&C) server, which enables it to download more malicious software or exfiltrate data. Often the organization's own DNS is used to facilitate communication between the infected device and its C&C server.
Like all command and control malware, phishing and many other threats, exploit kits use DNS to achieve their ultimate aim, whether that is data exfiltration or mass malware infection. For that reason, it has never been more important for organizations to protect their DNS infrastructure.
While DNS infrastructure is inherently a vulnerable component for organizations, effective internal DNS security solutions can turn it into a great asset for securing an organization's networks and data. And this is possible without having to change the existing network architecture.
Using DNS response policy zones (RPZs) on internal DNS, combined with an up-to-date threat intelligence feed of malicious destinations, enables DNS appliance to intercept those DNS queries which are associated with known malware. This effectively prevents the threat from communicating with its external C&C servers to wreak further havoc: preventing both data exfiltration using standard network protocols and malware from breeding in the network.
Furthermore, internal DNS security can identify and prevent data exfiltration using DNS tunneling techniques by establishing query thresholds. This benchmark then enables the DNS to detect and flag any unusually large queries or responses which may contain packets of data.
With the wealth of intelligence that can be garnered both on the types of threats facing DNS infrastructure and on the malicious domains being created to exploit it, organizations in Saudi can take effective steps to prevent attack vectors from exploiting this infrastructure. And as the technical bar is lowered for attacks, as with exploit kits, whose popularity will only rise, DNS security will only become ever more crucial.
Inherently vulnerable, yet with great potential: no organization should overlook this vital component of network architecture and leave it unprotected. DNS is capable of being an important defense against exploit kits and other attack vectors which rely on it to achieve their criminal aims.

Clic here to read the story from its source.