In my last blog post, part 1 of this series, I discussed the important role DNS plays in protecting service provider networks from DNS amplification attacks, and the necessity of not only blocking malicious queries but also of not blocking good queries. In this post, I’ll look at Pseudo-Random Subdomain (PRSD) attacks and other malware (like phishing and ransomware), showing why DNS is perfectly suited to protect both networks and subscribers.
The importance of the DNS security protocol in general is widely understood, particularly in today’s overall security landscape. Anyone who manages (or has managed) caching/recursive or authoritative DNS servers knows the pain it causes when they go down. It’s bad. Without available DNS there is no internet, or at least no usable internet. Most, if not all, applications today rely on DNS to locate the resources on the internet that they need to function, and these applications are becoming more and more reliant on DNS.
I recently sat down with Steve Saunders of Light Reading to talk about the role DNS plays in understanding and fighting emerging cyberthreats. In the interview, we went through the highlights of Nominum’s recent Data Science report, in which our Data Science team studied more than 15 trillion queries over a three-month period and reported on the world of cybersecurity through the lens of DNS, uncovering trends in phishing attacks, DDoS, the Mirai botnet, Locky ransomware, IoT-based threats and more.
One of the biggest cyberthreats making the rounds on the internet is the Mirai botnet. Mirai targets connected Internet of Things (IoT) devices, using each infected device to launch DDoS attacks and cause website outages around the globe by flooding them with queries. Examples of recent Mirai-generated web outages include the Dyn attack, which took down or significantly slowed sites like Airbnb, Twitter, the New York Times, CNN, Fox News, Netflix and many other popular domains in late October of this year, and the attack that temporarily took down security expert Brian Krebs’ KrebsOnSecurity website in September.