By now most of you would have tried to find out if your data was compromised by the massive Equifax data breach that was reported on September 7. Equifax is one of the “big-three” U.S. credit bureaus and it reported a data breach that may have affected 143 million Americans, compromising valuable personally identifiable information like social security numbers, birth dates, addresses and in some cases driver’s license numbers. The perpetrators had been dwelling in Equifax’s networks from May through July 2017 during which time they had access to the sensitive information.
While the breach itself is of catastrophic proportions, in the aftermath, several bogus and malicious sites have cropped up that could further add fuel to the fire, so to speak. These sites “claim” to help customers find out if their data is compromised. In an attempt to take action post breach, unsuspecting users are entering their personal information, which can then be used by the bad actors.
53 Malicious Sites Related to Equifax breach detected
The Infoblox threat research team has detected 53 such fraudulent domains targeting Equifax customers and we have added them to our threat intelligence feed for blocking. Our customers have this intelligence and their users will be prevented from communicating with these fraudulent domains.
Infoblox threat intelligence data benefits include:
- Timely – ensure that data is most current and delivered when required
- Reliable – data is curated by research team
- Accurate – data sets < .01% historic false positive rate
- Contextual – why domain is a threat and related threat indicators
- Easy-to-use – multiple output formats (JSON, CSV, RPZ, etc.) supported for third-party integration
Defense-in-depth
Such data breach incidents highlight the need for organizations to put in a defense-in-depth strategy that protects every avenue and plugs any holes in their security architecture. DNS is one such security gap in organizations and is often exploited by cyber criminals. In addition to ensuring proper network hygiene, and timely patches, investing in a DNS security solution that uses high quality, aggregated and curated threat intelligence can help prevent users from accessing fraudulent domains or communicating with C&C (command and control) sites.
Infoblox’s Data Exfiltration and Malware Mitigation solution can help disrupt the cyber kill chain and stop DNS based data exfiltration using a combination of reputation, signature, and unique behavioral analytics to detect known and zero day threats. It also provides deep visibility into infected endpoints wherever they reside—on premises, roaming, or in remote offices.
To see how Infoblox can help, try ActiveTrust® or ActiveTrust® Cloud free for 30 days.
