03 New Hostnames - Farsight Security · 2019. 6. 25. · such as spam, malware distribution, or...

1
5 If given even the smallest window of opportunity, cybercriminals will readily exploit any Internet service, protocol, or infrastructure to support their campaigns and avoid detection. Security and IT admins play critical roles in monitoring devices and networks for indicators of such malicious activity, but there may be 5 key signs they’re overlooking. of Malicious Activity You're Overlooking Signs Want to discuss signs your organization may be overlooking? Schedule a one-on-one demo today! https://www.farsightsecurity.com/request-demo/ farsightsecurity.com +1-650-489-7919 Copyright ©2019 Farsight Security, Inc. All rights reserved. Similar to domain name creation, millions of hostnames are created every day. Adversaries have learned to use hostnames to impersonate other organizations. Known as “domain shadowing,” a new hostname can indicate an adversary has mimicked or hijacked a legitimate domain to create subdomains that can distribute malware or redirect users to other sites that host malicious content or steal customer condential information. 03 New Hostnames New domains are constantly being created, but they’re not always utilized for legitimate purposes. Bad actors often use these new domains for criminal activities such as spam, malware distribution, or botnets within the rst minutes of activating them. These new domains can bypass security rules because, without proper data and analysis, they look like blank slates. New domains should be considered dangerous and blocked for a safe period of time to prevent intrusion into your infrastructure. 01 Newly Observed Domains Bad actors often utilize a domain for malicious purposes for a short period of time before turning down the domain in an attempt to avoid detection. These domains often remain dormant for several months or years before they are reactivated for continued malicious purposes. Notication of these newly reactivated domains could be crucial in helping protect your infrastructure from malware, breach, phishing and spam campaigns. 02 Newly Active Domains With new domains constantly being created and existing ones frequently modied, the Internet and DNS are continually changing. Cybercriminals can leverage this often-overlooked fact to take over entire websites without ever directly touching them. Instead, they change DNS records to hijack domains and siphon website visitors to malicious websites. The redirected trac bypasses their hosts, leaving organizations unaware that trac is being diverted. This leaves businesses and customers at great risk. 04 DNS Changes Domain Name –> IP (IPv4 A or IPv6 AAAA) Hundreds of billions of DNS queries are made daily as users navigate the Internet. While most queries are successfully resolved, there are occasions where DNS requests can result in a NXDOMAIN (Non-Existent Domain) which signals that the Domain name is unknown to a DNS server. In best case scenarios, these reports simply show domains that may have an audience and need to be registered. In other cases, they may indicate more malicious activities such as domain name phishing, hijacking, botnet activity, or infected hosts running malware. 05 NXDOMAIN

Transcript of 03 New Hostnames - Farsight Security · 2019. 6. 25. · such as spam, malware distribution, or...

  • 5 If given even the smallest window of opportunity, cybercriminals will readily exploit any Internet service, protocol, or infrastructure to support their campaigns and avoid detection. Security and IT admins play critical roles in monitoring devices and networks for indicators of such malicious activity, but there may be 5 key signs they’re overlooking.

    of Malicious Activity You're OverlookingSigns

    Want to discuss signs your organization may be overlooking? Schedule a one-on-one demo today!https://www.farsightsecurity.com/request-demo/

    farsightsecurity.com +1-650-489-7919

    Copyright ©2019 Farsight Security, Inc. All rights reserved.

    Similar to domain name creation, millions of hostnames are created every day. Adversaries have learned to use hostnames to impersonate other organizations.Known as “domain shadowing,” a new hostname can indicate an adversary has mimicked or hijacked a legitimate domain to create subdomains that can distribute malware or redirect users to other sites that host malicious content or steal customer confidential information.

    03 New Hostnames

    New domains are constantly being created, but they’re not always utilized for legitimate purposes. Bad actors often use these new domains for criminal activities such as spam, malware distribution, or botnets within the first minutes of activating them.

    These new domains can bypass security rules because, without proper data and analysis, they look like blank slates. New domains should be considered dangerous and blocked for a safe period of time to prevent intrusion into your infrastructure.

    01 Newly Observed Domains

    Bad actors often utilize a domain for malicious purposes for a short period of time before turning down the domain in an attempt to avoid detection. These domains often remain dormant for several months or years before they are reactivated for continued malicious purposes.

    Notification of these newly reactivated domains could be crucial in helping protect your infrastructure from malware, breach, phishing and spam campaigns.

    02 Newly Active Domains

    With new domains constantly being created and existing ones frequently modified, the Internet and DNS are continually changing. Cybercriminals can leverage this often-overlooked fact to take over entire websites without ever directly touching them. Instead, they change DNS records to hijack domains and siphon website visitors to malicious websites.

    The redirected traffic bypasses their hosts, leaving organizations unaware that traffic is being diverted. This leaves businesses and customers at great risk.

    04 DNS Changes

    Domain Name –> IP (IPv4 A or IPv6 AAAA)

    Hundreds of billions of DNS queries are made daily as users navigate the Internet. While most queries are successfully resolved, there are occasions where DNS requests can result in a NXDOMAIN (Non-Existent Domain) which signals that the Domain name is unknown to a DNS server.

    In best case scenarios, these reports simply show domains that may have an audience and need to be registered. In other cases, they may indicate more malicious activities such as domain name phishing, hijacking, botnet activity, or infected hosts running malware.

    05 NXDOMAIN


Black Market Botnets

Black Market Botnets

Scientific Remote Viewing - The Farsight Institute

Scientific Remote Viewing - The Farsight Institute

Farsight HCM Engine - Amazon Web Services... · Farsight HCM Engine connects everybody in your organization with it’sMobile Self Service App. Farsight Mobile App allows your user

Farsight HCM Engine - Amazon Web Services... · Farsight HCM Engine connects everybody in your organization with it’sMobile Self Service App. Farsight Mobile App allows your user

Botnets 10 Tough Questions

Botnets 10 Tough Questions

BotNets & Targeted Malware

BotNets & Targeted Malware

FarSight Presentation

FarSight Presentation

Robert Edmonds (edmonds@fsi.io) Farsight Security, Inc.dnstap.info/slides/dnstap-whoami_oarc2015_montreal.pdf · Robert Edmonds (edmonds@fsi.io) Farsight Security, Inc. dnstap-whoami

Robert Edmonds ([email protected]) Farsight Security, Inc.dnstap.info/slides/dnstap-whoami_oarc2015_montreal.pdf · Robert Edmonds ([email protected]) Farsight Security, Inc. dnstap-whoami

Designed by Courtney Brown - Farsight

Designed by Courtney Brown - Farsight

Recorded F Farsight Security uture and · Farsight Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. Farsight collects

Recorded F Farsight Security uture and · Farsight Security Information Exchange (SIE) data-sharing platform and is engineered and operated by leading DNS experts. Farsight collects

From the Mutual Fund House of the Year - Farsight

From the Mutual Fund House of the Year - Farsight

Farsight Employee Self-Service (ESS) Portal Updates

Farsight Employee Self-Service (ESS) Portal Updates

Botnets & DDoS Introduction

Botnets & DDoS Introduction

botnets - UW Computer Sciences User Pagespages.cs.wisc.edu/~ace/media/lectures/botnets.pdf · Botnets • Botnets: – Command and Control (C&C) – Zombie hosts (bots) ... [Your

botnets - UW Computer Sciences User Pagespages.cs.wisc.edu/~ace/media/lectures/botnets.pdf · Botnets • Botnets: – Command and Control (C&C) – Zombie hosts (bots) ... [Your

Botnets An Introduction Into the World of Botnets Tyler Hudak tyler@hudakville.com.

Botnets An Introduction Into the World of Botnets Tyler Hudak [email protected].

Sinkholing Botnets

Sinkholing Botnets

Taming botnets

Taming botnets

Introduction to Botnets - CCDCOE · referred to as a botnet or zombie network. ... After the Takedown . Introduction to Botnets Introduction to Botnets Organization

Introduction to Botnets - CCDCOE · referred to as a botnet or zombie network. ... After the Takedown . Introduction to Botnets Introduction to Botnets Organization

Botnets 101

Botnets 101

FarSight Pitch Deck

FarSight Pitch Deck

The Farsight Project - Construction Skills Queensland · The Farsight Project Construction Worker 2.0. Created Date: 12/9/2015 3:10:58 PM ...

The Farsight Project - Construction Skills Queensland · The Farsight Project Construction Worker 2.0. Created Date: 12/9/2015 3:10:58 PM ...