Infoblox Uncovers DNS Malware Toolkit & Urges Companies to Block Malicious Domains

  • Infoblox releases report findings on “Decoy Dog” and collaborates across the industry to help raise awareness and problem solve
  • Command-and-control (C2) domain over DNS went undiscovered for a year as part of a single toolkit
  • Threat spotlights dangers of malware traffic on networks and importance of a DNS security strategy
  • Infoblox BloxOne® Threat Defense protects customers from these suspicious C2 domains

Infoblox Inc., the company that delivers a simplified, cloud-enabled networking and security platform for improved performance and protection, published a threat report blog on a remote access trojan (RAT) toolkit with DNS command and control (C2). The toolkit created an anomalous DNS signature observed in enterprise networks in the U.S., Europe, South America, and Asia across technology, healthcare, energy, financial and other sectors. Some of these communications go to a controller in Russia.

Infoblox’s Threat Intelligence Group was the first to discover this toolkit, dubbed “Decoy Dog,” and is collaborating with other security vendors, as well as customers, to disrupt this activity, identify the attack vector, and secure global networks. The critical insight is that DNS anomalies measured over time not only surfaced the RAT, but ultimately tied together seemingly independent C2 communications. A technical analysis of Infoblox’s findings is here.

“Decoy Dog is a stark reminder of the importance of having a strong, protective DNS strategy,” said Renée Burton, Senior Director of Threat Intelligence for Infoblox. “Infoblox is focused on detecting threats in DNS, disrupting attacks before they start, and allowing customers to focus on their own business.”

As a specialized DNS-based security vendor, Infoblox tracks adversary infrastructure and can see suspicious activity early in the threat lifecycle, where there is “intent to compromise” and before the actual attack starts. As a normal course of business, any indicators that are deemed suspicious are included in Infoblox’s Suspicious domain feeds, direct to customers, to help them preemptively protect themselves against new and emerging threats.

Threat Discovery, Anatomy & Mitigation:

  • Infoblox discovered activity from the remote access trojan (RAT) Pupy active in multiple enterprise networks in early April 2023. This C2 communication had gone undiscovered since April 2022.
  • The RAT was detected from anomalous DNS activity on limited networks and in network devices such as firewalls, not user devices such as laptops or mobile devices.
  • The RAT creates a footprint in DNS that is extremely hard to detect in isolation but, when analyzed in a global cloud-based protective DNS system like Infoblox’s BloxOne® Threat Defense, demonstrates strong outlier behavior. Further, this analysis allowed Infoblox to tie the disparate domains together.
  • C2 communications are made over DNS and are based on an open-source RAT called Pupy. While this is an open-source project, it has been consistently associated with nation-state actors.
  • Organizations with protective DNS can mitigate their risk. BloxOne Threat Defense customers are protected from these suspicious domains.
  • In this case, Russian C2 domains were already included in the Suspicious domains feeds in BloxOne Threat Defense (Advanced) back in the fall of 2022. In addition to the Suspicious Domains feed, these domains have now been added to Infoblox’s anti-malware feed.