amwalalghad :: Companies in Egypt need to secure DNS infrastructure against malicious domains

Your English Portal To Arab Economy


Companies in Egypt need to secure DNS infrastructure against malicious domains

Published Sunday, 05 March 2017 13:38 | Written by Ashraf Sheet

The constant creation of malicious domains has proved a cat and mouse game for threat researchers and cybercriminals. Across the world, new malicious domains are constantly being created from which cybercriminals can launch attacks against businesses’ Domain Name System (DNS) infrastructure.

During what is known as the ‘planting’ phase, the Infoblox DNS Threat Index, which monitors the creation of such domains, shows a significant increase in the number of malicious domains associated with malware and exploit kits.

In the second ‘harvesting’ phase, the attackers begin to reap the bounty from these newly created malicious domains, launching attacks on organisations’ DNS to exfiltrate data or just to wreak havoc on their victims.

Exploit kit popularity persists

A great amount of this malicious infrastructure is being used in the creation of exploit kits. This particularly disturbing category of malware is part of a growing trend of off-the-shelf, user-friendly cybercrime tools.

These tool-kits-for-hire deliver malware via drive-by download, ultimately giving cybercriminals with little or no technical knowledge an opportunity to wreak great havoc on an organisation. Indeed, attackers using exploit kits don’t need to understand how the kits create or deliver the exploit needed to infect a server, and the attack itself is often facilitated by a user-friendly interface built into the kit to help hackers manage and monitor their malware campaign. All of this ultimately serves to lower the technical bar for sowing malware.

It is therefore unsurprising that exploit kits have cemented their place as a popular motive for malicious domain creation.

Angler continues to reign as the most popular exploit kit. Indeed, just recently Perez Hilton, the celebrity gossip website, was hacked, redirecting its visitors to the Angler landing page which in turn exposed users to CryptXXX ransomware.

Achieving its malicious goals

These tool kits generally exploit vulnerabilities or security flaws in operating systems, browsers, and popular software such as Adobe Flash and Java. Then, just as in the Perez Hilton case, users are exposed to the kits (and their payloads) via malvertising and spam on the compromised websites.

When an exploit is successful in delivering its payload onto a victim’s device, it is then able to operate behind the service provider’s or company’s firewall. This malware can then spread across the internal network to other devices, as well as communicating back to its command-and-control (C&C) server, which enables it to download more malicious software or exfiltrate data. Often the organisation’s own DNS is used to facilitate communication between the infected device and its C&C server.

Like all command and control malware, phishing and many other threats, exploit kits use DNS to achieve their ultimate aim, whether that is data exfiltration or mass malware infection. For that reason, it has never been more important for organisations to protect their DNS infrastructure.

Securing DNS infrastructure

While DNS infrastructure is inherently a vulnerable component for organisations, effective internal DNS security solutions can turn it into a great asset for securing an organisation’s networks and data. And this is possible without having to change the existing network architecture.

Using DNS response policy zones (RPZs) on internal DNS, combined with an up-to-date threat intelligence feed of malicious destinations, enables a DNS appliance to intercept those DNS queries which are associated with known malware. This effectively stops the threat from communicating with its external C&C servers to wreak further havoc, preventing both data exfiltration over standard network protocols and the spread of malware within the network.
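The RPZ lookup described above can be modelled in a few lines. This is an added example, not code from the article or from any DNS product: a simplified model of RPZ query-name matching in which the feed entries and domain names are constructed placeholders.

```python
# Added example: simplified model of RPZ query-name (QNAME) trigger matching.
# Feed entries and domain names are constructed placeholders.

# RPZ encodes the policy action in the CNAME target of each record.
ACTIONS = {".": "NXDOMAIN", "*.": "NODATA", "rpz-passthru.": "PASSTHRU"}

# Constructed feed: owner name (relative to the policy zone) -> CNAME target.
FEED = {
    "c2.badhost.example": ".",              # block this exact name
    "*.badhost.example": ".",               # block every subdomain
    "*.tracker.example": "*.",              # answer with an empty response
    "ok.tracker.example": "rpz-passthru.",  # allowlisted exception
}


def normalise(qname: str) -> str:
    """Lower-case and drop the trailing dot so lookups are consistent."""
    return qname.rstrip(".").lower()


def rpz_action(qname: str, feed: dict = FEED) -> str:
    """Return the policy action for qname, or ALLOW if no trigger matches."""
    name = normalise(qname)
    if name in feed:                        # an exact match wins
        return ACTIONS[feed[name]]
    labels = name.split(".")
    # Wildcards: try the closest enclosing parent first.
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in feed:
            return ACTIONS[feed[wildcard]]
    return "ALLOW"


def resolve(qname: str) -> str:
    """What an internal resolver would do with a client query."""
    action = rpz_action(qname)
    if action in ("ALLOW", "PASSTHRU"):
        return "forward upstream"
    return f"answer locally with {action} and log the client"


if __name__ == "__main__":
    for q in ("C2.BadHost.example.", "badhost.example", "ok.tracker.example"):
        print(q, "->", resolve(q))
```

A wildcard entry does not cover the parent name itself, so a feed that is meant to block a whole domain needs both the bare name and the wildcard.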

Furthermore, internal DNS security can identify and prevent data exfiltration using DNS tunnelling techniques by establishing query thresholds. This benchmark then enables the DNS to detect and flag any unusually large queries or responses which may contain packets of data.
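The query thresholds described above, as an added example that is not part of the original article: a small detector run over a constructed window of DNS log records. The threshold values, client addresses and domain names are all assumptions chosen for illustration.

```python
# Added example: threshold-based flagging of possible DNS tunnelling.
# All log records, addresses, domains and threshold values are constructed.
from collections import defaultdict

MAX_QNAME_LEN = 80          # assumed baseline for query name length
MAX_RESPONSE_BYTES = 512    # assumed baseline for response size
MAX_UNIQUE_NAMES = 3        # assumed limit per client and parent domain

# Constructed window of (client, qname, response_bytes) records.
LOG = [
    ("10.0.0.5", "www.example.org", 120),
    ("10.0.0.5", "mail.example.org", 140),
    ("10.0.0.7", "txt.cdn.example", 1800),
] + [
    # Long encoded-looking labels under one parent, as tunnels produce.
    ("10.0.0.9", f"{'a1b2' * 15}{i}.{'c3d4' * 10}.tunnel.example", 90)
    for i in range(5)
]


def parent_domain(qname: str) -> str:
    """Naive parent: last two labels (a real deployment needs a suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def flag_queries(log):
    """Return (client, subject, reason) for every threshold that is exceeded."""
    findings, names = [], defaultdict(set)
    for client, qname, resp_bytes in log:
        if len(qname) > MAX_QNAME_LEN:
            findings.append((client, qname, "long-qname"))
        if resp_bytes > MAX_RESPONSE_BYTES:
            findings.append((client, qname, "large-response"))
        names[(client, parent_domain(qname))].add(qname.lower())
    for (client, parent), seen in names.items():
        if len(seen) > MAX_UNIQUE_NAMES:
            findings.append((client, parent, "many-unique-names"))
    return findings


def flagged_clients(log):
    """Clients that tripped at least one threshold."""
    return {client for client, _, _ in flag_queries(log)}


if __name__ == "__main__":
    for finding in flag_queries(LOG):
        print(finding)
```

Baselines should come from the organisation's own traffic, since legitimate services such as content delivery networks can also produce long names and large responses.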

With the wealth of intelligence that can be garnered both on the types of threats facing DNS infrastructure and on the malicious domains being created to exploit it, organisations in Egypt can take effective steps to prevent attack vectors from exploiting this infrastructure. And as the technical bar is lowered for attacks, as with exploit kits, whose popularity will only rise, DNS security will only become ever-more crucial.

Inherently vulnerable, yet with great potential: no organisation should overlook this vital component of network architecture and leave it unprotected. DNS is capable of being an important defence against exploit kits and other attack vectors which rely on it to achieve their criminal aims.

About the Writer:

Ashraf Sheet is a Regional Director MEA at Infoblox.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.