Four out of five enterprise networks show evidence of malicious DNS activity

Infoblox has published ed results of the Infoblox Security Assessment Report for the first quarter of 2016, which finds that 83 percent—more than four out of five—of enterprise networks tested by Infoblox show evidence of malicious DNS activity.

  • 8 years ago Posted in
Infoblox, an industry leader in securing Domain Name System (DNS) infrastructure, offers free security assessments to customers and prospective customers, identifying DNS queries inside an organisation’s network that are attempting to reach known malicious or suspicious domains. External threat data from these evaluations is anonymised and aggregated to produce the Infoblox Security Assessment Report.
 
In the first quarter of 2016, 519 files capturing DNS traffic were uploaded to Infoblox for assessment, coming from 235 customers across a wide range of industries and geographies. Infoblox found 83 percent of the files showed evidence of suspicious DNS activity.
 
“This result is consistent with what security professionals have been saying for some time: Perimeter defence is no longer sufficient, because almost all large enterprise networks have been compromised to a greater or lesser extent,” said Craig Sanderson, senior director of security products at Infoblox. “The new mandate for enterprise security teams is to quickly discover and remediate threats inside the network, before they cause significant damage.”
 
Among the specific threats found in files during the first quarter, by percentage, are:
 
·         Botnets – 54%
·         Protocol anomalies – 54%
·         DNS tunnelling – 18%
·         ZeuS malware – 17%
·         Distributed denial of service (DDoS) traffic – 15%
·         CryptoLocker ransomware – 13%
·         Amplification and reflection traffic – 12%
·         Heartbleed – 11%
 
“The prevalence of these attacks shows the value of DNS in finding threats aimed at disrupting organisations and stealing valuable data, as well as the extent to which organisational infrastructure can be hijacked to mount attacks on third parties,” said Sanderson. “The good news is that DNS is also a powerful enforcement point within the network. When suspicious DNS activity is detected, network administrators and security teams can use this information to quickly identify and remediate infected devices—and can use DNS firewalling as well to prevent malware inside the network from communicating with command-and-control servers.”
 
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...