DNS Security

DNS Security / Industry Updates

Searching for Smishing Triad DNS Traces

Given the ubiquity of mobile phone usage, you'd think we'd all know by now how to tell legitimate from scammy text messages. Then again, cybercriminals are always on top of their game -- learning how the latest technologies work and finding ways to abuse them.

Thawing IcedID Out Through a DNS Analysis

Evolution isn't only for humans and other living things. Apparently, malware can evolve, too, and IcedID is a good example. First detected as a banking trojan in 2017, IcedID continues to undergo updates that make it even more dangerous. In the past few months, IcedID variants have been observed to deliver ransomware payloads instead of performing its original function -- stealing financial data.

Examining WoofLocker Under the DNS Lens

WoofLocker tech support scams have been wreaking havoc since 2017 but the threat actors behind it don't seem to be done yet. In fact, the threat may have become even more resilient.

Decoy Dog, Too Sly to Leave DNS Traces?

Decoy Dog, a malware renowned for abusing the DNS, specifically by establishing command and control (C&C) via DNS queries, first reared its head most likely in early 2022. Given its sly nature, the DNS malware has been used to successfully steal data from organizations throughout Russia and other Eastern European nations.

RedHotel Attack Infrastructure: A DNS Deep Dive

We began our analysis by subjecting the domains identified as IoCs to Threat Intelligence Platform (TIP) lookups. Those allowed us to uncover these WHOIS record findings.

Finding WyrmSpy and DragonEgg Ties to APT41 in the DNS

APT41, also known as "Winnti," "BARIUM," or "Double Dragon," is an APT group said to originate from China. Having been active since 2012, APT41 rose to infamy by successfully launching targeted cyber espionage attacks on government agencies and private companies worldwide.

DNS Insights behind the JumpCloud Supply Chain Attack

Even solutions meant to enhance security can sometimes fall prey to the best cyber attackers. That's what happened to JumpCloud, a cloud-based directory service platform designed to centralize and simplify identity access management (IAM).

Signs of MuddyWater Developments Found in the DNS

Cyber espionage group MuddyWater's or Mercury's first major campaign was seen as early as 2012. But as things always go in the cybersecurity realm, threat groups, especially those that gain infamy, don't necessarily just come and go.

AI Tool Popularity: An Opportunity for Launching Malicious Campaigns?

The latest fraud data Sift published in "Q2 2023 Digital Trust & Safety Index" revealed that 78% of users are concerned that fraudsters could exploit AI tools to victimize them.

DNS Revelations on Eevilcorp

Phishing, despite its age and infamy, remains one of the top threats to corporate and personal networks alike. And it's not hard to see why -- it continues to be effective. In fact, more than a third of all data breaches today involve phishing.