Cyber Defense eMagazine February Edition for 2023

More documents

Recommendations

Info

In response to North Korean state-sponsored (Lazarus) crypto attacks also in April, the FBI, CISA and the U.S. Treasury Department issued a joint alert advising organizations to have a robust domain security solution in place that includes leveraging reputation checks and closely monitoring or blocking newly registered domains (NRDs) in enterprise traffic. More recently, the FBI issued an alert in May about Business Email Compromise (BEC), stressing the importance of strong DNS layer security to combat phishing attacks. All of this follows previous government agency directives urging organizations to take actions to bolster DNS security. DNS is the Internet protocol that translates host names, like www.amazon.com, into IP addresses. It's the phone book of cyberspace, and an organization’s weakest network link. Security officials’ increased focus on DNS layer protection comes as no surprise today, as more than 78% of breaches involve the DNS layer. DNS Threats on the Rise: Targeted Phishing and Malware Tactics The DNS layer is ripe for exploitation from a hacker’s perspective. Attackers will set up their trap, commonly in the form of malware, ransomware, and phishing scams. Then they rely on DNS servers to connect unwitting victims to malicious content. We have seen significant increases across threat types in 2022 from our global network processing more than 1 trillion queries a month. It paints a picture of targeted phishing and malware tactics. • 200% increase in malware traffic • 300% increase in phishing traffic • 1200% increase in botnet traffic • Deceptive sites that leverage the term “gov” have increased nearly 5x. The start of the “gov” domain traffic spike aligned with the start of the Russian invasion of Ukraine • Phishing traffic to German sites (.de) increased 125% at the end of March. Germany continues to have one of the most-used country code top-level domains (ccTLDs) for malicious domains • At the end of April, malicious websites with “health” in the name rose 218% • A 318% spike in malicious traffic using “bank” in the domain name. Threat actors eying banks, or bank patrons, isn’t a surprise as the banking industry saw a 1318% increase in ransomware attacks in 2021. In addition to malware, phishing, ransomware, and other cyber attacks, common DNS-related threats include cryptocurrency and associated threats such as the North Korean crypto attacks. When cryptocurrency made a comeback in 2020, security was impacted in a major way because threat actors saw a new opportunity for compromise. Ransomware payments are made with cryptocurrency, because they are on the blockchain anonymously and can’t be traced. Among the common DNS-based cryptocurrency-related threats are typosquatting domains, phishing domains, cryptojacking, mining pools and DNS poisoning. According to DNSFilter’s 2021 threat Cyber Defense eMagazine – February 2023 Edition 140 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
eport, domains with the terms “bitcoin” and “nft” were more likely to house phishing schemes. Ethereum typosquatting domains favored cryptomining, with phishing a close second. Between ransomware payments, phishing attacks, and cryptojacking, crypto is playing a huge role in the threat landscape of 2022 and will have an even bigger part to play early next year. Because cryptocurrency marketplaces are popular right now, threat actors have chosen to target a distributed, easy-to-abuse threat vector that will always be attractive and remain difficult to regulate – the DNS layer. In the event of an attack, DNS layer security serves as an organization’s first line of defense. Protecting the DNS layer includes deploying security tools such as domain categorization, content filtering, and advanced threat protection from web sites that are known to host dangerous content. If a user tries to visit an unsafe web page and DNS security is enabled, the request to access the site will be denied at the DNS layer, never reaching the enterprise network. Shields Up at the DNS Layer Strategies CISA is recommending that all organizations take a “shields up” approach to proactively defend against active cyber security threats, and this certainly applies to DNS. Some of the specific actions the agencies recommend include reducing the likelihood of a damaging cyber intrusion, taking steps to quickly detect a potential intrusion, ensuring that the organization is prepared to respond if an intrusion occurs, and maximizing the organization's resilience to a destructive cyber incident. For many businesses, DNS protection forms the backbone of their secure web gateway, as it is the primary barrier against malware, ransomware, and phishing websites. It’s where policies for acceptable use are configured and managed. In legacy contexts, these two elements might be handled by a firewall. But with remote and distributed workforces, it has become much more effective to use a DNS security tool as a secure web gateway. With such an approach, organizations can detect and automatically block new DNS-based threats, create and instantly roll out policies for web access and content filtering from a central location, and inspect DNS packets used to communicate IP addresses. DNS-related threats are a major concern for organizations today, as government agencies have made clear. Protecting the DNS layer plays a pivotal role in securing every organization, as clicking an untrustworthy link is the easiest way to engage with a cyber threat. Enterprises need to take steps to address these threats to mitigate risk. A successful attack can shut down operations, steal vital information and result in sizable costs. In the event of a cyberattack, DNS layer security acts as the first line of defense. Cyber Defense eMagazine – February 2023 Edition 141 Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
Time to Build an Unhackable Interne
Page 3 and 4:
Emerging API Security Trends: What
Page 5 and 6:
@MILIEFSKY From the Publisher… De
Page 7 and 8:
Welcome to CDM’s February 2023 Is
Page 9 and 10:
Cyber Defense eMagazine - February
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Banco Banrisul’s thirty-six domai
Page 35 and 36:
Why Cybersecurity Remains a Persist
Page 37 and 38:
Robust Cybersecurity is Essential f
Page 39 and 40:
1. Facing the Cyber Crisis No compa
Page 41 and 42:
About the Author Amitabh Sinha is t
Page 43 and 44:
1. Risk Assessment Government agenc
Page 45 and 46:
8. Incident Response Plan Preventio
Page 47 and 48:
This is what happened to Dropbox la
Page 49 and 50:
trust and growth, the board can hel
Page 51 and 52:
etween governments and operators wi
Page 53 and 54:
Accelerating Machine Learning Advan
Page 55 and 56:
Secondly, MLOps platforms record al
Page 57 and 58:
Cybercriminals Are Ramping Up Their
Page 59 and 60:
Organizations should follow best pr
Page 61 and 62:
7 Biggest Cyber Attacks of 2022 By
Page 63 and 64:
4. Ex-Amazon worker convicted over
Page 65 and 66:
About Salt Communications Salt Comm
Page 67 and 68:
saw this most recently through a ra
Page 69 and 70:
CPRA/CCPA Compliance in A Cloud-Fir
Page 71 and 72:
having an excessive amount of permi
Page 73 and 74:
In the coming months and beyond, on
Page 75 and 76:
Emerging API Security Trends: What
Page 77 and 78:
malicious communication pattern thr
Page 79 and 80:
Free Consumer Apps Are Not Safe for
Page 81 and 82:
But simultaneously - and unlike ema
Page 83 and 84:
lives and works. The topic is tough
Page 85 and 86:
and tendencies. The good question h
Page 87 and 88:
others or the situation among some
Page 89 and 90: eing pushed into heavy criminalitie
Page 91 and 92: preparing and analyzing such a coll
Page 93 and 94: words, behind those high-tech crimi
Page 95 and 96: always make new and new damage if t
Page 97 and 98: References: [1] Djekic, M. D., 2017
Page 99 and 100: How Government Agencies Can Leverag
Page 101 and 102: The result leads to optimal perform
Page 103 and 104: A linchpin of Biden’s cyber-defen
Page 105 and 106: An effective observability platform
Page 107 and 108: Section 3553(h) of title 44, U.S. C
Page 109 and 110: Exchange (MX) and Name Service (NS)
Page 111 and 112: Looking Ahead to 2023: Cyber Trends
Page 113 and 114: we’re falling behind, especially
Page 115 and 116: Old vulnerabilities are not being d
Page 117 and 118: Insider Threats are a Primary Vulne
Page 119 and 120: The first step in insider threat mi
Page 121 and 122: “We’re happy to announce MIRACL
Page 123 and 124: The organisers of Europe’s most i
Page 125 and 126: usable by everyday people. I think
Page 127 and 128: Quentyn Taylor, Senior Director Pro
Page 129 and 130: SDR for Cyber Defense By Kaue Morce
Page 131 and 132: Figure 2: Cyan SDR - from Per Vices
Page 133 and 134: as it allows the SDR to capture and
Page 135 and 136: Security at the Enterprise Edge: To
Page 137 and 138: This behavior makes it essential to
Page 139: Shields Up: Organizations Need to D
Page 143 and 144: The Anti-Fraud Frontline Predictive
Page 145 and 146: Cloud vendors' features can be depl
Page 147 and 148: About the author Ryohei Fujimaki, F
Page 149 and 150: The resulting phishing sites mirror
Page 151 and 152: The javascript code in which the da
Page 153 and 154: The Top Secrets of CISOs By Pat McG
Page 155 and 156: About the Author Pat has more than
Page 157 and 158: The latest analysis shows that Nort
Page 159 and 160: What Role Can AI Play in Data Objec
Page 161 and 162: Avoiding bias Objectivity and credi
Page 163 and 164: As more and more data moves to the
Page 165 and 166: to know where a document or other r
Page 167 and 168: Cyber Defense eMagazine - February
Page 179 and 180: CyberDefense.TV now has 200 hotseat
Page 181 and 182: Books by our Publisher: https://www
show all

Cyber Defense eMagazine February Edition for 2023

Create successful ePaper yourself

Delete template?

Save as template?