DNS Security

WhiteSnake Stealer Serpentines through the DNS

It's not unusual for data stealers to target several browsers simultaneously. Zooming in on multiple platforms at once, including email clients, gaming portals, chat apps, crypto wallets, and even VPN-protected services, however, is quite novel.

BlackCat Hacks Reddit Again, Take a Look at What the DNS Revealed

The first time the BlackCat ransomware gang breached Reddit's network last February, they phished an employee to hack into the target network. This time, according to a ReversingLabs detailed report, they successfully dropped BlackCat onto the company's systems and threatened to release its data if it fails to pay the ransom.

MOVEit Bug-CLOP Ransomware Threat Vector Identification Aided by DNS Intelligence

The beginning of the month of June, according to CleanINTERNET, marked the emergence of several zero-day attacks targeting vulnerable MOVEit servers to exfiltrate confidential data. MOVEit Transfer is a managed file transfer software that supports file and data exchange.

Tracing Truebot’s Roots through a DNS Deep Dive

On 12 June, the DFIR Report published an in-depth analysis of a Truebot intrusion that began with several page redirects via a Traffic Distribution System (TDS) and ended with dropping a Master Boot Record (MBR) killer wiper onto a victim's computer. The result?

Alleviating the Risks .zip and Similar Domain Extensions Could Pose via DNS Intelligence

Google's announcement of the launch of the .zip ngTLD was met by a lot of debate. Many believe threat actors could abuse the ngTLD for phishing and other malicious campaigns, primarily since it could be easily confused with the .zip file extension.

Scanning for LockBit Ransomware DNS Traces

ReliaQuest named LockBit one of the most effective and undoubtedly most prolific currently active ransomware groups today. In fact, the malware topped their latest ransomware quarterly list for the first three months of 2023, a continuation of their 2022 observation.

Potential Traces of Aurora Spread Via Windows Security Update Malvertisements in the DNS

Threat actors are quite adept at changing tactics once the cybersecurity community or law enforcement catches up to them. That is evident in the recent resurgence of malvertising though no longer through users' browsers as in the past.

When Marketing Vendors Get Attacked, Clients Suffer: Third-Party Risk Discovery in the DNS

Organizations get bombarded with countless attacks from every direction, including via their supply chain. FortifyData's recent record of the top third-party data breaches in 2023 brings to light how multidirectional threat sources can be. In one of the data breaches on the list, AT&T disclosed in March 2023 that threat actors accessed the information of approximately 9 million wireless accounts through the telecommunication company's marketing vendor.

DNS Snooping on Apple iOS 14 Zero-Click Spyware KingsPawn

Last year, several governments reportedly used the NSO Group's spyware Pegasus to exploit a zero-day vulnerability in WhatsApp to spy on journalists, opposition politicians, and dissidents via their mobile devices. Apple quickly addressed the issue by launching more powerful data protection features.

Scouring the DNS for Traces of Bumblebee SEO Poisoning

Google ad or search engine optimization (SEO) poisoning has long been a favored threat actor tactic to spread malware. A recent Secureworks study of Bumblebee, which comes in the guise of a software installer, proved that once again.