1
INTERNET DOWN Shining a Light on the Dark Side of DNS When left unprotected, DNS can turn its back on enterprises Spoofing IP addresses is a common technique that creates a fake IP address to hide the identity of the sender. Large text records are being used to amplify DDoS reflection attacks Distributing queries to open DNS resolvers in addition to spoofing IP, overwhelms servers with responses causing DDoS attacks. The most common domain for this is cpsc.gov. Attackers are using backdoors to slide into networks Internal enterprise devices can be an unsuspecting target. 33% of organizations have more than 1,000 shadow IoT devices connected to their networks every day. DNS isn’t all bad - it can help illuminate and prevent attacks DNS security prevents the spread of malware and data exfiltration by: DNS infrastructure is critical to business organizations, but is too often taken advantage of by malicious actors. Here’s a look at the ways DNS threats are evolving. DNS ✔ Disrupting the cyber kill chain on and off premises ✔ Blocking data exfiltration with a combination of reputation, signatures and behavioral analytics ✔ Gaining comprehensive visibility into the network
