Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

6/2/2021
04:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New Farsight Security Study Examines DNS Network Traffic Volumes For Over 300 Top Second-Level Domains During Pandemic

Report looked at popular domains in 10+ categories, including government, travel and transportation, retail, videoconferencing, streaming video, social media, higher education, and news.

SAN MATEO, Calif., June 02, 2021 (GLOBE NEWSWIRE) -- In a new report released today, Farsight Security®, Inc., a leading cybersecurity provider of DNS Intelligence, provides DNS cache miss traffic volumes, from April 2020-March 2021, for more than 300 2nd-level domains in 10+ categories, including government, travel and transportation, retail, videoconferencing, streaming video, social media, higher education and news.

A 2nd-level domain, such as "example.com," usually contains an organization’s brand name and is the first point of contact Internet users have with a website. Since the volume of cache miss traffic is largely based on a domain’s popularity, the report provides a raw snapshot of Internet activity for top brands during the pandemic, from the first global lockdowns until the early days of business re-openings, and how individual organizations fared against other companies or institutions in their respective categories.

"The power of observation can only serve the needs of defense and investigation through continuous introspection," said Dr. Paul Vixie, Farsight CEO. "We periodically characterize data norms, so that data anomalies have contrast. In this report, we show that the impact of the Covid-19 pandemic on global DNS traffic was visible even given the continuous growth of the Internet itself. Security researchers can use these findings to upgrade and modernize their models and baselines in order to predict and detect threats in the years to come."

Last year, Farsight Security published a similar report, using just a two-month sample of passive DNS data during the early stages of the Covid-19 lockdown (March 2020-April 2020). The 2020 report revealed volumetric randomized subdomain Denial of Service (DoS) attacks leveraging wildcard domains. In our new study, “DNS Network Traffic Volumes During the Pandemic: April 2020-March 2021,” our research team again saw evidence of these attacks, with some domains showing traffic spikes many times (2-10x) normal levels. Summary graphs for each domain included in the report illustrate this abnormal volatility over the 12-month period.

While worldwide shelter-in-place orders and other activities taken during the pandemic may have played a role in these report results, this report does not try to "attribute" or "apportion" the change in traffic levels.

The full report, including additional findings, can be downloaded here.

About Farsight Security, Inc.
Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/, join Farsight Labs at labs.fsi.io to access our early stage and community tools, or follow us on Twitter: @FarsightSecInc.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.