LetsAskBinu.com
Ransomware Actors Leaning on DNS Tunneling

Researcher by Researcher
June 12, 2022
in Cybersecurity
SAN FRANCISCO–Like many other forms of intrusion, ransomware attacks are constantly evolving, as defenders get better at detecting and preventing them and attackers are forced to respond and change their techniques. In an effort to stay ahead of defenders, many ransomware groups have begun employing DNS tunneling for communications and data exfiltration in recent years, a technique that can be difficult to detect.

DNS tunneling is not a new technique by any means, and has been used by various forms of malware since the early 2000s at least. The basic idea is simple, but elegant. Rather than using HTTP for C2 communications or data exfiltration, the attacker encodes the traffic inside DNS queries and responses: outbound data rides in the subdomain labels of lookups for a domain the attacker controls, and inbound data comes back in the records the attacker's authoritative server returns. Because the victim's internal resolver does the forwarding, the infected host never needs a direct connection to the C2 server, and outbound DNS is allowed almost everywhere. There are a few ways to do this, and detecting the technique typically requires defenders to dig through resolver or passive-DNS logs for anomalous queries: unusually long or high-entropy subdomain labels, large numbers of unique subdomains under one domain, and heavy use of record types such as TXT that carry more payload per response. It's attractive for attackers because it's relatively simple to do and won't be detected by many security tools that only inspect HTTP. Ransomware actors have adopted it in a big way, often using the DNS Beacon feature of the Cobalt Strike framework, which carries tasking and output in A, AAAA, or TXT records so that payloads and communications flow through DNS responses.
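The log review described above can be turned into a repeatable triage pass. The following is an added example, not code from the article or from Cisco Umbrella: it scores each query on the per-name signals (length, label entropy, hex-looking labels, payload-heavy record types) and then aggregates by client and registrable domain, because a single odd lookup is noise while many never-repeating suspicious names under one domain is the tunneling pattern. The log format, the thresholds, the domains, and the `post.`/`www6.` labels in the sample are all constructed for the example; the apex-domain guess is naive (last two labels) and a real deployment would use the Public Suffix List.

```python
"""Heuristic DNS tunneling triage over resolver query logs (added example)."""
import math
import re
from collections import defaultdict

# Constructed sample log, not real traffic. Format: timestamp client qtype qname
SAMPLE_LOG = """\
2022-06-09T10:00:01Z 10.1.2.3 A www.example.com
2022-06-09T10:00:02Z 10.1.2.3 A mail.example.com
2022-06-09T10:00:02Z 10.1.2.3 AAAA www.example.com
2022-06-09T10:00:03Z 10.1.2.3 TXT 7a9f3c1e5b2d8e4f6a1c3b5d7e9f0a2b.post.updates-cdn.test
2022-06-09T10:00:03Z 10.1.2.3 TXT 0c2e4a6b8d1f3e5a7c9b2d4f6e8a1c3b.post.updates-cdn.test
2022-06-09T10:00:04Z 10.1.2.3 TXT 5d7e9f1a3b2c4d6e8f0a1b2c3d4e5f6a.post.updates-cdn.test
2022-06-09T10:00:04Z 10.1.2.3 A 9b1d3f5a7c2e4a6b8d0f1e3c5a7b9d2e.www6.updates-cdn.test
2022-06-09T10:00:05Z 10.1.2.3 A 4e6a8c0b2d1f3a5c7e9b1d3f5a7c9e2b.www6.updates-cdn.test
2022-06-09T10:00:06Z 10.1.2.4 A cdn.example.com
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits per character: random hex approaches 4.0, dictionary words sit well below 3.5."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def apex_domain(qname: str) -> str:
    """Assumed registrable domain = last two labels (replace with a Public Suffix List lookup)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def score_query(qname: str, qtype: str):
    """Per-query signals; thresholds are assumed starting points, not vendor values."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    sub = "".join(labels[:-2])          # everything left of the apex, joined
    longest = max(labels, key=len)
    score, reasons = 0, []
    if len(name) > 50:
        score += 1; reasons.append("long qname")
    if len(longest) >= 30:
        score += 1; reasons.append("long label")
    if sub and shannon_entropy(sub) > 3.5:
        score += 1; reasons.append("high-entropy subdomain")
    if re.fullmatch(r"[0-9a-f]{16,}", longest):
        score += 1; reasons.append("hex-encoded label")
    if qtype in ("TXT", "NULL"):
        score += 1; reasons.append("payload-heavy record type")
    return score, reasons


def find_tunneling(log_text: str, min_score: int = 2, min_unique: int = 3) -> dict:
    """Aggregate suspicious queries per (client, apex). Tunnels emit a fresh name per chunk,
    so the count of distinct suspicious subdomains is the signal, not any one query."""
    per_key = defaultdict(lambda: {"unique": set(), "total": 0, "reasons": set(), "qtypes": set()})
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        score, reasons = score_query(m["qname"], m["qtype"])
        entry = per_key[(m["client"], apex_domain(m["qname"]))]
        entry["total"] += 1
        if score >= min_score:
            entry["unique"].add(m["qname"].lower())
            entry["reasons"].update(reasons)
            entry["qtypes"].add(m["qtype"])
    return {
        f"{client}->{apex}": {
            "suspicious_unique": len(v["unique"]),
            "total_queries": v["total"],
            "qtypes": sorted(v["qtypes"]),
            "reasons": sorted(v["reasons"]),
        }
        for (client, apex), v in per_key.items()
        if len(v["unique"]) >= min_unique
    }


if __name__ == "__main__":
    for key, summary in find_tunneling(SAMPLE_LOG).items():
        print(key, summary)
```

Run over a day of resolver logs, the output is a short list of client-to-domain pairs worth a look, not a verdict: legitimate services (CDN hostnames, antivirus cloud lookups, DNS-based blocklists) also generate long hex-looking labels, so the practical workflow is to baseline what your environment normally queries, allowlist those apexes, and then alert on new domains that trip the aggregate threshold.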

“DNS tunneling is very common in ransomware attacks now,” said Artsiom Holub, a senior research analyst at Cisco Umbrella, during a talk at the RSA Conference here Thursday.

“Ransomware has evolved greatly since we first identified it years ago. Today it’s very complicated and includes multiple stages and cybercrime groups focused on initial access, creating loaders, building profiles of affected networks, and deploying the ransomware. Disrupting the flow of this kill chain can stop it or detect it early and if you know more you can do more.”

Ransomware infections, which began as mostly a nuisance in the early days, can now pose an existential threat to organizations, depending on the depth of the intrusion and the victim’s resources. Add in the potential for data theft and extortion, which many ransomware groups now employ, and any ransomware intrusion can quickly turn into a serious issue. Ransomware attackers also have sped up the timelines of their attacks in the last few months, sometimes going from initial network access to ransomware deployment in a matter of hours. Finding early indicators of an intrusion can make the difference between a small compromise and a massive, network-wide one.

“Considering the trends observed through the analysis of ransomware attack timelines, X-Force maintains that ransomware attacks will continue to increase in speed and efficiency throughout 2022,” said John Dwyer, head of research with IBM Security X-Force, last week. “X-Force recommends organizations properly invest in protection, detection, and response efforts to effectively combat the increasing speed of the attack lifecycle.”

Because Cobalt Strike has become so popular with ransomware actors, looking for indicators of its presence can be a good starting point. Holub said that in the last few years, the vast majority of the ransomware incidents he's seen have used Cobalt Strike in some way.

“Malicious actors are lazy too sometimes and they don’t want to create a new set of tools for each attack so they reuse off the shelf tools,” he said.

“Domain and the DNS system is also being used as a covert channel for exfiltration, communications, and beaconing, and if you can’t detect this, your risks are significantly higher. DNS is ancient, but it’s what the Internet is built on and it’s not going away anytime soon.”