In today’s threat landscape, the idea that no one is an island holds true for threats.
March 12, 2021
A majority of Cisco customers encountered malicious DNS activity last year, with high percentages of phishing, malvertising, malicious spam, trojans and more.
Cisco’s Threat Trends: DNS Security report analyzed data from Cisco Umbrella, the company’s cloud-based network security platform.
DNS, or domain name system, connects browsers to websites. DNS can be an attractive mechanism for malicious activities.
Among the DNS activity findings: Users in 70% of organizations got malicious browser ads. Furthermore, 51% of organizations encountered ransomware-related activity. Another 48% found information-stealing malware activity.
Ben Nahorney is a threat intelligence analyst at Cisco Security.
“In today’s threat landscape, the idea that ‘no one is an island’ holds true for threats,” he said. “The most prevalent attacks these days leverage a variety of threats at different stages. For example, let’s look at how Emotet is often delivered by phishing in order to deploy Ryuk as a payload. If you find one threat within your network, it’s wise to investigate what threats have been observed working in tandem with it and take precautionary measures to prevent them from causing further havoc.”
Austin McBride is a data scientist at Cisco Umbrella.
“What I want to highlight most would be the growth in usage of multi-staged attacks,” he said. “If you get hit with Emotet, there is a good chance you could get hit with follow-up malware like ransomware. So, if you see Emotet or Ursnif/Gozi in your logs, you might want to be on the lookout for follow-up malware.”
Cryptomining impacted some 69% of organizations. That means at least one endpoint within an organization attempted to mine cryptocurrency above a minimum threshold.
“Organizational impact depends on the extent of mining happening in that environment,” McBride said. “At its most basic level, cryptomining can reduce the life of your hardware, clog your bandwidth, and drive up your AWS compute costs depending on how the miner has been configured. In the worst-case scenario, a malicious actor infiltrated your environment and set up a miner to make passive income while they perused your environment for data to exfiltrate or to exploit your environment further with follow-up malware. Bottom line, if you see a lot of cryptomining traffic, you should investigate to avoid a potential indicator of compromise (IOC).”
Our slideshow above shows the list of malicious DNS activity.