We at Infoblox are pleased to publish this edition of our Quarterly Cyber Threat Intelligence Report. The Q2 2022 report includes our publicly released threat intelligence reports and cyber alerts published from April 1 to June 30, 2022. This quarter, we also share important alerts, advisories, and reports that CISA, the Federal Bureau of Investigation, and National Security Agency/Central Security Service published during this quarter.
We include special brief coverage of BlackHat 2022, which was held in Las Vegas the week of August 9. Please note the special spotlight in this report on Enhancing Zero Trust Architecture with IPv6 Migration and DNS Security.
What’s in the Report
This publication supplements our original research and insight into threats we observed leading up to and including this period of time. Our report includes a detailed analysis of advanced malware campaigns and of recent significant attacks. In some cases, we share and expand on original research published by other security firms, industry experts, and university researchers. We feel that timely information on cyber threats is vital to protecting the community at large.
Usually, we report on specific threats and related data, customer impacts, analysis of campaign execution and attack chains, as well as vulnerabilities and mitigation steps. We also share background information on the attack groups likely responsible for the threats under review.
Here is the link to download your copy of the Q2 2022 Cyber Threat Intelligence Report.
During Q2 2022, the Infoblox Threat Intelligence Group published the following reports:
- The SMISH is Coming from Inside the House
- Newly Observed Domains & the Ukraine War
- VexTrio DDGA Domains Bring Malicious Content
- Alexa Retired Domain Rankings – Go One Better with Inforanks
Our Q2 2022 Cyber Threat Intelligence report shares research on many dangerous malware threats. Your security effectiveness depends on timely, up-to-date threat intelligence. Using tools included in Infoblox BloxOne® Threat Defense, security teams can collect, normalize and distribute highly accurate, multi-sourced threat intelligence to strengthen the entire security stack. Additional capabilities can help SecOps to accelerate threat investigation and response by up to two-thirds.
Automation plays a key role in all capabilities in BloxOne Threat Defense, accelerating remediation and eliminating management overhead. Automated responses can be triggered throughout the security ecosystem. Investigation and remediation are accelerated further with access to all relevant threat and network data available in context.
Spotlight: Enhancing Zero Trust Architecture with IPv6 Migration and DNS Security
IPv6 is the next-generation Internet protocol designed to replace IPv4, which has been in use since 1983. The worldwide demand for IP addresses has grown exponentially since the advent of IPv4, with constantly increasing numbers of users, devices (such as Internet of things, or IoT) and virtual entities that need to connect to the Internet. The result is that public as well as private IPv4 addresses have become highly constrained.
In the last few years, the momentum of implementing IPv6 has grown significantly as its superior features have become compelling. This momentum has been sustained by reducing cost, decreasing complexity, improving security and eliminating barriers to innovation in networked information systems. Many large and significant deployments of IPv6 are now in production. Some organizations are moving to IPv6-only infrastructure to reduce the operational issues and costs associated with maintaining two networking regimes and, in the case of federal government agencies, to align with the recent OMB guidance.
Infoblox DNS, DHCP and IPAM (DDI) products provide support for DNS over IPv6 and visual IPAM tools for space allocation and management of IPv6 addresses. The IPAM tools automate IPAM procedures to reduce human error associated with complex IPv6 addresses and to eliminate repetitive tasks; this allows organizations to easily scale management processes across their enterprise with existing IT staff. Infoblox capabilities address the IPv6 migration issues related to taking inventory of, visually mapping and configuring network equipment. Infoblox also helps optimize performance on the network and analyze the network for internal and regulatory policy compliance.
The operation of IPv6 networks that use our DDI is also closely integrated with our DNS security. DNS has a key role to play in a Zero Trust architecture, because it provides more centralized visibility and control of all computing resources, including users and servers in a micro-segment, all the way down to individual IP addresses. Because most traffic, including malicious traffic, goes through DNS resolution first, DNS is an important source of telemetry that provides detailed client information, helps detect anomalous behavior and protects east-west traffic between micro-segments. DNS security can also continuously check for, detect and block C&C connections and attempts to access websites that host malware. For all of these reasons, DNS security is now a core enabler of the Zero Trust strategy.
DNS security restores DNS as an absolute Zero Trust control point where every Internet address can be scanned for potentially malicious behavior identified by integrated threat intelligence. DNS security provides a single point of control for administering and managing all environments, including cloud, on-premises, WFA and mobile devices. This provides one DNS security administration point for all security stacks, and this point can easily be integrated with SOAR and other critical cybersecurity ecosystem controls. Organizations must always be in control of and have complete visibility into DNS traffic. It is best practice that all DNS traffic be resolved by servers controlled by the organization, not by external resolvers over which the IT team has no control.
Curated, Multi-sourced Threat Intelligence
BloxOne Threat Defense provides you with access to approximately 27 different threat feeds. Curation by the Infoblox Cyber Intelligence Unit (CIU) drives accuracy while minimizing false positives and enables you to customize the mix based on your needs. BloxOne Threat Defense collects, curates and aggregates threat information from Infoblox, your other commercial tools and third-party government sources. A normalized “super-feed” can then be shared across the security stack, potentially increasing the effectiveness of every defense.
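To make the two preceding ideas concrete, the following is an added illustration, not Infoblox code and not how BloxOne Threat Defense is implemented: it normalizes three differently formatted threat feeds into one deduplicated "super-feed" (the aggregation described in the paragraph above), then runs DNS query log lines against that feed and against the best practice from the spotlight that all queries go through organization-controlled resolvers. Every feed entry, hostname, address and log line is constructed for the example, using documentation address ranges; the log layout (timestamp, client, resolver, query name, answer) is an assumed simplified format, not any product's export format.

```python
# Added example (not Infoblox code): merge several threat feeds into one
# normalized blocklist, then flag DNS queries that name a listed domain,
# resolve to a listed IP, or bypass the organization's own resolvers.
# All feeds, hostnames, IPs and log lines are constructed for illustration.
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# --- constructed threat feeds in three differing layouts ----------------------
FEED_A = """# vendor A: one domain per line, comments allowed
Malicious-C2.example
dropper.example.
"""
FEED_B = """# vendor B: CSV of indicator,type
phish.example,domain
198.51.100.7,ip
"""
FEED_C = """# vendor C: hosts-file style
0.0.0.0 dropper.example
0.0.0.0 tracker.example
"""

# Resolvers the organization controls (constructed, RFC 5737 / RFC 3849 ranges)
INTERNAL_RESOLVERS = {
    ipaddress.ip_address("192.0.2.53"),
    ipaddress.ip_address("2001:db8::53"),
}


def normalize_domain(name: str) -> str:
    """Lower-case and strip the trailing dot so 'Foo.example.' == 'foo.example'."""
    return name.strip().lower().rstrip(".")


def parse_feed(text: str) -> set[str]:
    """Extract domain or IP indicators from any of the three feed layouts.

    Lines are split on whitespace or commas; tokens that parse as IP addresses
    are kept verbatim, tokens that look like hostnames are normalized. The
    hosts-file sink address 0.0.0.0 and the CSV type column are discarded.
    """
    indicators: set[str] = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        for token in re.split(r"[\s,]+", line):
            if not token or token in {"0.0.0.0", "domain", "ip"}:
                continue
            try:
                indicators.add(str(ipaddress.ip_address(token)))
            except ValueError:
                if re.fullmatch(r"[a-z0-9.-]+", token.lower()):
                    indicators.add(normalize_domain(token))
    return indicators


def build_superfeed(*feeds: str) -> set[str]:
    """Union of all feeds after normalization; duplicates across vendors collapse."""
    result: set[str] = set()
    for feed in feeds:
        result |= parse_feed(feed)
    return result


# --- constructed DNS query log: "timestamp client resolver qname answer" ------
DNS_LOG = """\
2022-05-01T10:00:01Z 10.0.0.5 192.0.2.53 www.intranet.example 10.0.0.80
2022-05-01T10:00:02Z 10.0.0.5 192.0.2.53 Malicious-C2.example. 198.51.100.7
2022-05-01T10:00:03Z 10.0.0.9 203.0.113.53 dropper.example 203.0.113.10
2022-05-01T10:00:04Z 10.0.0.9 2001:db8::53 login.corp.example 10.0.0.81
2022-05-01T10:00:05Z 10.0.0.12 192.0.2.53 updates.vendor.example 198.51.100.7
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


@dataclass
class Finding:
    client: str
    qname: str
    reason: str


def evaluate_log(log: str, superfeed: set[str]) -> list[Finding]:
    """Flag queries that (a) bypass internal resolvers, (b) name a listed domain
    or any of its parent domains, or (c) resolve to a listed IP address."""
    findings: list[Finding] = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        _ts, client, resolver, qname, answer = m.groups()
        qname = normalize_domain(qname)
        if ipaddress.ip_address(resolver) not in INTERNAL_RESOLVERS:
            findings.append(Finding(client, qname, f"external resolver {resolver}"))
        labels = qname.split(".")
        parents = {".".join(labels[i:]) for i in range(len(labels))}
        if parents & superfeed:
            findings.append(Finding(client, qname, "domain on blocklist"))
        if answer in superfeed:
            findings.append(Finding(client, qname, f"answer {answer} on blocklist"))
    return findings


if __name__ == "__main__":
    feed = build_superfeed(FEED_A, FEED_B, FEED_C)
    for f in evaluate_log(DNS_LOG, feed):
        print(f"{f.client} -> {f.qname}: {f.reason}")
```

Two design points carry over to real deployments: normalization (case folding, trailing-dot removal, collapsing duplicates across vendors) is what lets a merged feed be applied consistently everywhere, and the resolver check is the enforcement side of "all DNS traffic is resolved by servers the organization controls", since a client talking to an outside resolver produces no telemetry for the internal DNS security layer to act on.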
Please download the Infoblox complimentary report here.
For more information about our paid threat intelligence services and products please go to https://www.infoblox.com/products/threat-intelligence/ or reach out directly to our sales team via https://www.infoblox.com/company/contact/.