Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Ninja
7/5/2019 | 5:41:57 PM
Since this targets Android IOS and computing devices, from the report, this is a WannaCryptor Ransomware issue is evolving based on past attacks . A good write-up is the WannaHydra Removal Report.
Kevin Mitnik stated the way to get the keys from WannaCry would be to capture the systems memory before rebooting the machine (if possible). The keys are found in the systems' memory by imaging the system. For those of us who cannot get to the system, then a reboot is required. WannaHydra, this variant is going to provide additional methods of exploitation from the the data gathered, there is no longer an absolute way of eradicating this threat.
An alternative would be to install a HIDS system on your machine that checks for anomalies associated with files that you open up. Some tools like "Comodo" will allow the user to put those files iand allow the user to run these files in a virtual container. The user could also perform Geo-IP Blocking based on the logs. Certain customers use SonicWall, PaloAlto, Juniper, Cisco, PowerShell using Firewall rules and now I am finding we can utilize IPtables to do the same thing from a Linux perspective to limit the command and control access (Inbound and outboud).
So if we are looking at the phone or computer, identifying the characteristics of a file, how it executes and is the file communicating with remote countries is essential in protecting the operations of any device. ML will help with determining the characterists of a file (application learning process) and its intentions (HIDS should give the user a level of protection with this aspect but there needs to be more intelligence around file execution, ML will address this).
HIDS (Host Based Intrusion Detection Systems) - Comparison Chart
Todd