Malicious DNS activity plaguing enterprise networks; Infoblox
Infoblox Security Assessment report revealed four out of five networks have been targeted
Network control company Infoblox has released its Infoblox Security Assessment report for Q1 2016, which found that 83% of enterprise networks tested by Infoblox show evidence of malicious Domain Name System (DNS) activity.
In the first quarter of 2016, 519 files capturing DNS traffic were uploaded to Infoblox for assessment, coming from 235 customers across a wide range of industries and geographies. The specific threats found were botnets (54%), protocol anomalies (54%), DNS tunnelling (18%), ZeuS malware (17%), distributed denial of service traffic (15%), CryptoLocker ransomware (13%), amplification and reflection traffic (12%) and Heartbleed (11%).
Craig Sanderson, senior director of security products at Infoblox, said: "This result is consistent with what security professionals have been saying for some time: Perimeter defence is no longer sufficient, because almost all large enterprise networks have been compromised to a greater or lesser extent.
"The new mandate for enterprise security teams is to quickly discover and remediate threats inside the network, before they cause significant damage."
"The prevalence of these attacks shows the value of DNS in finding threats aimed at disrupting organisations and stealing valuable data, as well as the extent to which organisational infrastructure can be hijacked to mount attacks on third parties," added Sanderson. "The good news is that DNS is also a powerful enforcement point within the network. When suspicious DNS activity is detected, network administrators and security teams can use this information to quickly identify and remediate infected devices, and can use DNS firewalling as well to prevent malware inside the network from communicating with command-and-control servers."
Infoblox delivers network intelligence through technologies that analyse DNS traffic to help prevent data exfiltration; disrupt advanced persistent threat (APT) and malware communications; and provide context around attacks and infections on the network.