We just conducted our monthly Cyber Insider discussion, this time focusing on what deep analysis of new core domains reveals about new threats and zero-day malware. As a company that processes 1.7 trillion DNS queries a day and analyzes 100 billion queries a day from our global service provider customers, we are in a unique position to gain insights.
For many years ISPs in certain parts of the world have been required by their regulators/governments to redirect certain websites that were deemed malicious or suspicious. DNS offered a straightforward way to do this; and Nominum, being a DNS company, developed an early mechanism using a DNS zone file that made it simple for ISPs to comply. The technology was originally named “Malicious Domain Redirection” (MDR), and it basically allowed DNS server operators to perform a single action for a given domain name. Actions could be categorized so that each action or redirection did not have to be repeated.
I recently sat down with Steve Saunders of Light Reading to talk about the role DNS plays in understanding and fighting emerging cyberthreats. In the interview, we went through the highlights of Nominum’s recent Data Science report, in which our Data Science team studied more than 15 trillion queries over a three-month period and reported on the world of cybersecurity through the lens of DNS, uncovering trends in phishing attacks, DDoS, the Mirai botnet, Locky ransomware, IoT-based threats and more.