You’ve Been Hacked: Infoblox Finds 4 out of 5 Enterprise Networks Could be Compromised, Based on DNS

Share On Facebook
Share On Twitter
Share On Linkedin

I’m a fan of “Game of Thrones,” with all of its sword fights, dragons and mysterious magic. So it shouldn’t be a surprise that I sometimes think of IT security in terms of a medieval castle under siege. The defenders –network and security teams – build walls and dig moats to protect their organizations while the attackers – cybercriminals – devise clever ways to break through.

Back in the Middle Ages, the typical defense was to build higher, thicker walls. Sadly, that tactic will not work in modern, porous IT networks which have their own secret (DNS) tunnels that can be used to sneak out the crown jewels. Domain Name System (DNS) activity has proven to be a great indicator of malicious activity on IT networks, as illustrated by our announcement today of the Infoblox Security Assessment Report for the first quarter of 2016.

We found that four out of five enterprise networks – 83 percent, to be precise – showed evidence of malware activity abusing DNS.

Infoblox offers free security assessments to our customers and prospects, where organizations give us files capturing recent DNS traffic on their networks. We run these files through Infoblox DNS Firewall and Infoblox Advanced DNS protection products to look for suspicious activity. External threat data from these evaluations is anonymized and aggregated to produce the Infoblox Security Assessment Report.

In the first quarter of 2016, 519 files capturing DNS traffic were uploaded to Infoblox for assessment, coming from 235 customers across a wide range of industries and geographies. As I said, we found evidence of suspicious activity in 83 percent of those files, including these specific threats:

  • Botnets – 54%
  • Protocol anomalies – 54%
  • DNS tunneling – 18%
  • ZeuS malware – 17%
  • Distributed denial of service (DDoS) traffic – 15%
  • CryptoLocker ransomware – 13%
  • Amplification and reflection traffic – 12%
  • Heartbleed – 11%

Returning to the siege metaphor, the attackers are succeeding in designing catapults powerful enough to send rocks over the highest walls. Defenders can’t survive just by adding to their walls – they need to focus on quickly discovering and remediating threats inside the network, before they cause significant damage.

Infoblox can’t sell you a Valyrian steel sword to smite your enemies, but we can help identify and deflect DNS-based threats, as well as make DNS a powerful enforcement point within your network. You can find more information on Infoblox security solutions at www.infoblox.com/security.

The full Infoblox Security Assessment Report for the first quarter of 2016 is available at www.infoblox.com/resources/report/infoblox-security-assessment-report-2016-q1. If you want a free Infoblox security assessment for your organization, go to www.infoblox.com/free-malware-report.

May your network be protected by the old gods and the new!

Labels:

Craig Sanderson

Principal Cyber Security Strategist at Infoblox

Craig Sanderson is the Principal Cyber Security Strategist at Infoblox. Craig has over 25 years of experience in the CyberSecurity industry with a broad array of roles ranging from consultancy, security architecture, business development and product management. Over the last seven years, Craig has been responsible for creating the vision, strategy and delivered the execution of the Infoblox BloxOne Threat Defense solution. He continues to be passionate about the role that DNS can play in delivering world class cyber security with a particular emphasis on how DNS can become the foundation for national and governmental Protective DNS solutions

View All Posts
×