Intelligent CISO Issue 83 | Page 34

PREDICTIVE intelligence

especially ones that are double extortion, as defined at the beginning of this article, get hold of sensitive data, such as credit card data, and send this data out in DNS queries. These queries are sent to a malicious DNS server controlled by the attacker. The server decodes the data from the queries and stores it. Data exfiltration over DNS is a sophisticated technique that allows attackers to covertly transfer sensitive data out of an organisation by leveraging the DNS protocol. By embedding data in DNS queries, or in other words creating a tunnel over DNS to transfer data, attackers can bypass traditional data loss prevention (DLP) tools that might block other avenues of data theft.
Proactive blocking of ransomware domains using DNS Threat Intel
The most effective way to deal with ransomware is to prevent users from accessing ransomware domains in the first place. Phishing, one of the most used delivery methods for ransomware, lures users to domains owned by threat actors. Proactive identification of such domains, even before they are weaponised, is something that DNS threat intel excels at, because it can identify when domains are registered for future malicious purposes and block them, on average 63 days ahead of attacks.
Detecting C2 and Data Exfiltration using DNS Threat Intel and DNS Behaviour Monitoring
By monitoring DNS traffic and using DNS threat intelligence, organisations can block the C2 communications, preventing the encryption key download and the eventual encryption of data.
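The DNS behaviour monitoring described above can be sketched as a heuristic over resolver query logs. This is an added example, not code from the article: it flags clients that send many distinct long or high-entropy subdomains under one parent domain. The thresholds, function names and sample log are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own DNS baseline.
MAX_LABEL_LEN = 40         # a single label this long is rare in normal hostnames
MIN_PAYLOAD_LEN = 20       # ignore short subdomains such as "www" or "mail"
MIN_ENTROPY = 3.5          # bits per character; encoded data scores high
MIN_UNIQUE_SUBDOMAINS = 4  # distinct suspicious names per client and parent

def shannon_entropy(text):
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_qname(qname):
    # Naive split (parent = last two labels); real code needs the Public Suffix List.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_query(qname):
    sub, _ = split_qname(qname)
    if not sub:
        return False
    payload = sub.replace(".", "")
    if max(len(label) for label in sub.split(".")) >= MAX_LABEL_LEN:
        return True
    return len(payload) >= MIN_PAYLOAD_LEN and shannon_entropy(payload) >= MIN_ENTROPY

def find_tunnel_candidates(log):
    # log: iterable of (client_ip, qname) pairs taken from resolver query logs.
    seen = defaultdict(set)
    for client, qname in log:
        if suspicious_query(qname):
            sub, parent = split_qname(qname)
            seen[(client, parent)].add(sub)
    return {k: len(v) for k, v in seen.items() if len(v) >= MIN_UNIQUE_SUBDOMAINS}

# Constructed sample log (not real traffic); .test is a reserved TLD.
SAMPLE_LOG = [
    ("10.0.0.7", "www.example.com"),
    ("10.0.0.7", "static-assets-eu-west.cdn.example.net"),
    ("10.0.0.23", "mzxw6ytboi4dqnrtgq3tsmjq.exfil-example.test"),
    ("10.0.0.23", "gezdgnbvgy3tqojqmfrggzdf.exfil-example.test"),
    ("10.0.0.23", "nbswy3dpeb3w64tmmqqhi2dj.exfil-example.test"),
    ("10.0.0.23", "onswg4tfoqqgi2lomvzxg5dp.exfil-example.test"),
]

if __name__ == "__main__":
    for (client, parent), n in find_tunnel_candidates(SAMPLE_LOG).items():
        print(f"{client} sent {n} high-entropy subdomains under {parent}")
```

Requiring several distinct subdomains per client keeps a single long CDN or tracking hostname from raising an alert on its own.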