• Attack Surface Monitoring
  • Oct 14, 2021
  • By QOMPLX

Attack surface risk signals: DNS records

Attack surface risk signals: DNS records

In this installment of our attack surface risk signals series, we cover the Domain Name System (DNS)

The Domain Name System (DNS) is a foundational technology of the modern Internet and World Wide Web. DNS, which dates to the early 1980s, provided a way of translating the unwieldy numeric addresses of Internet-connected systems into human-readable alternatives. Today, that nearly 40 year old technology is a pillar of the global economy: helping to translate and direct hundreds of billions of queries each day.

As demonstrated in the “DNSpionage” DNS hijacking attack campaign that spanned from 2017 into 2019, DNS is susceptible to various attacks. The type of manipulation and tampering featured in this campaign caused Internet requests to be diverted from their intended target to internet addresses controlled by the attackers. DNS compromise can also facilitate the operation of malicious software, as well as legitimate applications, or provide cover for data exfiltration and other risks to the integrity of your network, data and users.

DNS monitoring is critical for the security of your organization and external users. It’s easy to take proper DNS server functionality for granted, but without monitoring, attackers can exploit vulnerabilities without your knowledge. Monitoring this signal allows you to better understand your gaps and set off on the path to fix them.

Q:SCAN finds DNS risks

QOMPLX Q:SCAN passively analyzes public DNS records for your organization to help you mitigate any threats. We look for evidence of DNS spoofing (or “poisoning”) attacks that attempt to trick DNS resolvers into directing users to a site of the attacker’s choosing. By spotting poisoned DNS caches, Q:SCAN can warn your organization that users may have been tricked into visiting malicious websites - a key insight that can lead to further investigation.

You might also be interested in

MDR-Why does my organization need it?

MDR-Why does my organization need it?

Steve Nestler, Sales Engineer, discusses what MDR is as a technology and what the value proposition is for Small and Medium sized businesses (SMBs), and how it can help these organizations strengthen their current infrastructure against attack vectors and Bad Actors.

Read more
Lessons from the Medibank breach

Lessons from the Medibank breach

Ming Fu, a member of the Americas Pre-Sales Engineering Team at QOMPLX, looks at the much publicized Medibank breach in Australia last year, and draws a few much needed lessons based on the published findings of this breach.

Read more
Attack surface risk signals: IP reputation

Attack surface risk signals: IP reputation

IP reputation should be tracked consistently. Connections to known malicious infrastructure on the Internet is a clear indicator of risk.

Read more
Request a Demo

Interested in learning more?

Subscribe today to stay informed and get regular updates from QOMPLX.