Report from Infoblox highlights threat of DNS Tunneling
According to a report produced by the firm, 40% of files tested by Infoblox displayed evidence of DNS tunnelling.
Infoblox, a network control company, recently announced the results of the Infoblox Security Assessment Report for the second quarter of 2016. The report highlighted the growing threat of DNS tunnelling, evidence of which was found in 40% of all files tested by Infoblox.
DNS tunnelling, which serves as an indicator of active malware or ongoing data exfiltration within a network, enables cybercriminals to deploy malware or pass stolen information in DNS queries. This creates a covert communication channel that often bypasses most firewalls.
According to the report, 559 files capturing DNS traffic were uploaded to Infoblox for assessment in the second quarter of 2016. These came from 248 customers across a wide range of industries and geographies, and 68% of those files showed evidence of suspicious DNS activity.
Rod Rasmussen, vice president of cybersecurity at Infoblox, said: "In the physical world, burglars will go to the back door when you've reinforced and locked the front door. When you then secure the back door, they'll climb in through a window."
He added: "Cybersecurity is much the same. The widespread evidence of DNS tunnelling uncovered by the Infoblox Security Assessment Report for the second quarter of 2016 shows cybercriminals at all levels are fully aware of the opportunity. Organisations can't be fully secure unless they have tools in place to discover and prevent DNS tunnelling."
Among the specific security threats uncovered by Infoblox during the second quarter, ranked by percentage, are:
- Protocol anomalies - 48%
- DNS tunnelling - 40%
- Botnets - 35%
- Amplification and reflection traffic - 17%
- Distributed denial of service (DDoS) traffic - 14%
- Ransomware - 13%