How to Avoid the New DNS Hijacking Attacks

eWeek | April 22, 2019

DNS hijacking has been around for a while. Initially it began as a way for the bad guys to take you to a fake website so that your credit card info could be stolen, or so that you could be loaded with malware. But that’s changed to the point where you might never know that your internet sessions have been hijacked, and that your credentials have been stolen, despite using safeguards such as SSL. In some cases, even VPN sessions may not be enough to protect you.

What’s happening is that the threat actors are manipulating your organization’s DNS records so that your users will find themselves going to a site operated by the malicious parties, and from there, will be directed to the site they originally intended to visit. As the traffic passes through the bogus site, the threat actors harvest your user credentials from the traffic before passing it along. Because many organizations use SSL to protect their traffic, the bad guys will also steal your SSL certificates so that their site can masquerade as your legitimate destination.

There have been two recent campaigns carrying out this sort of attack. The first, found in late 2018, was called DNSpionage, and resulted in warnings from the Department of Homeland Security.

Spotlight

"Organizations constantly face security issues as the workforce, technologies, and regulations change. And, as network perimeters dissolve, security considerations and concerns change. With more devices accessing your network, is your corporate mobile device security policy adequate and effective?"

Related News

DATA SECURITY

Cybersecurity Startup BitTrap Develops Groundbreaking Detection Technology to Address Surge in Cyberattacks

BitTrap | October 05, 2021

Startup company BitTrap has announced a blockchain-based cybersecurity solution that leverages attackers' motivations to provide singular detection capabilities. This approach differs from cybersecurity paradigms that focus on trying to keep attackers from breaking in. Instead, it assumes some have already made their way inside a network, undetected, and is designed to identify them and reduce hacker dwell time in the compromised system.

The system works by deploying a vast network of wallets in every endpoint or cloud instance. Each wallet contains a risk-adjusted bounty of cryptocurrency assets calibrated, based on research from the BitTrap Attacker Behavioral Labs, to ensure it will capture an attacker's attention. Collecting the bounty triggers an incident-response operation that alerts the organization of the breach, effectively causing the hacker to reveal their presence. The vulnerability can be quickly assessed and patched while avoiding ransomware and data exfiltration altogether.

BitTrap began operations in 2020 after cyberattacks multiplied during the global pandemic. The company's founders, who combine decades of industry experience in cybersecurity and expertise in attacker behavior, developed the groundbreaking technology to help companies actually benefit from cyberattacks.

"It is very important to capitalize on security incidents, using each opportunity to learn and prioritize efforts," said BitTrap CTO Ariel Futoransky. "We need to understand our adversaries' main motivation and use it to overcome our challenges and reduce the impact of attacks. With our unique approach, we can tackle both issues at the same time. We go a long way beyond intrusion detection or deception."

The company is particularly proud of the new solution. Through the company's Attacker Behavioral Labs, BitTrap CEO Jonatan Altszul said, "We intend to keep investing and developing the most sophisticated capacity in the industry to understand attacker behavior. After our initial success, we are getting ready to raise a new round of financing to fuel our expansion in the market."

About BitTrap

BitTrap is a cybersecurity solution company with a groundbreaking crypto approach, changing how companies face and resolve attacks while saving money along the way. BitTrap triggers immediate alarms using risk-adjusted economic incentives to reveal vulnerabilities without compromising performance. We go far beyond deception technology.


CyCraft JP Releases AI-Driven Detection & Response Security Platform, MRI and INES Set to Distribute

prnewswire | October 18, 2020

CyCraft Japan announces Mitsubishi Research Institute, Inc. (MRI) and MRI Group's INES (Information Network Engineering & Solutions) Inc. as authorized distributors of the CyCraft AIR Platform security solutions suite. Japan is pushing to raise its cyber resilience in an effort to rapidly raise the resilience of Japanese enterprises in the coming year. CyCraft AIR uniquely provides the AI-driven technology, intuitive UI, and actionable intelligence required to provide large-scale Japanese enterprises with comprehensive endpoint and network security from beginning to end.


SOFTWARE SECURITY

Minimize Cybersecurity Risk and Relieve Overstretched Security Teams with Trend Micro Support and Service Bundles

Trend Micro Incorporated | September 07, 2021

Trend Micro Incorporated, a global cybersecurity leader, today announced the launch of Trend Micro Service One, consolidating its managed services to optimize enterprise threat management. The new services bundles, which can include premium support, an early warning service, Managed XDR and incident response, help customers prevent, detect and respond to cyber threats faster by supplementing internal resources.

The prevalence of cybersecurity threats and the dynamic threat landscape leave businesses vulnerable and put security experts in high demand to triage and investigate incidents. According to Aaron Sherrill, Senior Research Analyst at 451 Research, part of S&P Global Market Intelligence[1], "Security teams are struggling to understand the right approach or strategy to employ to detect and respond to advanced threats. While most organizations have a plethora of security tools at their disposal, they are creating enormous amounts of data that must be explored and inspected. It is becoming increasingly difficult to distinguish between the noise and indicators of serious threats – especially complex, distributed threats that operate low and slow to avoid detection."

Over half of Security Operations Center (SOC) teams feel overwhelmed by alerts and aren't confident in their abilities to prioritize or respond to these alerts, according to a recent Trend Micro survey. Outsourcing security management significantly lightens the workloads and saves businesses from catastrophic breaches.

"The weight of the world was felt by our security team as we work tirelessly to enable organization success in the digital transformation journey," said Andre Castleberry, cybersecurity manager of Hall County, Georgia. "Trend Micro's managed services have empowered our small team to manage risk and compliance at scale. Having threat experts support day-to-day detection and response for our security platform allows our employees to focus resources on serving our constituents."

Trend Micro's expert threat analysis and monitoring via its different services helps fortify business risk management plans. Managed threat detection and response across a complete security platform takes the burden of threat data triage off of stretched security teams, allowing internal resources to focus on business enablement.

"Security teams are stretched to the max while the business risk of cybersecurity continues to increase," said Wendy Moore, vice-president of product marketing for Trend Micro. "We want to help make our customers' lives easier while also minimizing their risk of attack. Providing better insight across the entire security platform, from product enablement, to risk monitoring and mitigation, to attack detection and response is one way we're doing that. Our proactive services that cross the threat lifecycle enable more advanced visibility and protection, helping businesses manage threats most effectively."

Enterprise security requires streamlined operations with a broader perspective, including better context to hunt, detect and contain threats to best manage the business risk introduced by cyber threats. Trend Micro's powerful cybersecurity platform detects malicious activities, with threat intelligence from various sources, helping catch threats faster and improve investigations, analysis, and response times, while eliminating pressure from the SOC team so they can focus on high value activities.

Leveraging Trend Micro's services adds business value by combining premium customer support with such options as:

Early Warning Service scans for early indicators of compromise and then alerts customers of potential threats before they cause system harm.

Incident Response provides expert resources in case of a critical, active attack.

Managed Detection and Response monitors alerts and logs across the entire environment, identifying and investigating events and providing ongoing threat expertise.

Trend Micro is committed to supporting customers through their digital transformation journey, supporting internal resources, so customers get the most out of their security platform.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.
