DNS Security


Attackers continue to innovate their techniques to evade security. For example, strategically aged domains are domains that are registered well in advance of their use. They are reserved and left dormant for months or even years before being used in attack campaigns, in order to bypass security vendors' reputation checks. Because such a domain has built up a benign reputation over time, it can take longer to detect when malicious activity begins, and that delay is the advantage attackers gain from using strategically aged domains.

Palo Alto Networks' Unit 42 team covered the SolarWinds supply chain attack and its SUNBURST trojan in December 2020. The threat actors utilised strategically aged domains together with a domain generation algorithm (DGA) to bypass security controls and exfiltrate the identities of the compromised hosts.
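The two signals described above, a long-registered domain that suddenly becomes active and a DGA-style label, can be turned into a simple triage check over your own DNS logs. The following Python is an added illustration and is not code from Palo Alto Networks or from the page; the records, dates and thresholds (180 days of dormancy, a 30-day "recent" window, entropy of 3.5 over labels of 12 or more characters) are constructed assumptions for the example, and in practice the registration date would come from WHOIS/RDAP and the first-seen date from passive DNS or resolver logs.

```python
from collections import Counter
from datetime import date
from math import log2

# Constructed sample records: (domain, registration date, date first seen
# resolving in our own logs, queries in the last 7 days). These are made up
# for the example; real data would come from WHOIS/RDAP and resolver logs.
SAMPLE_RECORDS = [
    ("acme-store.com",      date(2015, 3, 1),  date(2015, 3, 2),  40),   # active since registration
    ("quiet-reserve.net",   date(2021, 1, 10), date(2024, 6, 1),  350),  # aged, dormant, now busy
    ("brand-new.io",        date(2024, 5, 28), date(2024, 5, 29), 12),   # freshly registered
    ("xk3qz9vb7tplw2.com",  date(2021, 2, 14), date(2024, 6, 2),  5),    # aged + DGA-looking label
]


def second_level_label(domain: str) -> str:
    """Return the label left of the TLD, e.g. 'quiet-reserve' for quiet-reserve.net."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def label_entropy(label: str) -> float:
    """Shannon entropy (bits per character) of a label; random DGA labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum((c / n) * log2(c / n) for c in counts.values())


def assess(record, today: date, dormancy_days: int = 180,
           recent_window: int = 30, entropy_threshold: float = 3.5,
           min_dga_length: int = 12) -> list:
    """Return the triage reasons that apply to one record (empty list = nothing notable)."""
    domain, registered, first_seen, _queries = record
    reasons = []

    age_at_first_activity = (first_seen - registered).days
    started_recently = (today - first_seen).days <= recent_window

    # Strategically aged: registered long ago, silent in our logs, and only now resolving.
    if age_at_first_activity >= dormancy_days and started_recently:
        reasons.append("aged-dormant")

    # Newly registered domains are a separate, well-known signal.
    if (today - registered).days <= recent_window:
        reasons.append("newly-registered")

    # Crude DGA heuristic: long label with near-uniform character distribution.
    label = second_level_label(domain)
    if len(label) >= min_dga_length and label_entropy(label) >= entropy_threshold:
        reasons.append("dga-like")

    return reasons


def triage(records, today: date) -> dict:
    """Map each domain to its list of reasons; domains with no reasons map to []."""
    return {rec[0]: assess(rec, today) for rec in records}


if __name__ == "__main__":
    for domain, reasons in triage(SAMPLE_RECORDS, date(2024, 6, 10)).items():
        print(f"{domain:22s} {reasons or 'no flags'}")
```

The output is a list of reasons rather than a verdict on purpose: a legitimately parked brand domain that finally goes live also looks "aged-dormant", so the flag is a prompt to corroborate with passive DNS history, query volume and the responding IPs, not a block decision.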

DNS Challenges

DNS is fundamental to all organisations. Unfortunately, blocking DNS-based threats is a major challenge, and cybercriminals are using its pervasive—yet easily overlooked—attack surface to their advantage.

DNS is full of holes. The protocol has been around since 1983 and is rife with vulnerabilities: it was never designed with security in mind, and security features have been tacked on over the years to address glaring problems. The Domain Name System Security Extensions (DNSSEC), a DNS feature that adds substantial security to the protocol, are extremely complex and not widely implemented.

Signatures and databases are not enough

The majority of attacks are unique and used only once, so signatures and databases alone are not enough. The only way to detect such a threat is to analyse real user traffic inline with AI. You can seamlessly protect your DNS traffic with Palo Alto Networks Advanced DNS Security, powered by Precision AI. This cloud-based analytics platform enhances your firewall with real-time access to DNS signatures created through cutting-edge predictive analysis and machine learning. It leverages threat intelligence from a growing global community and uses domain detectors to monitor changes in DNS responses, enabling rapid detection of DNS hijacking and other threats.