Tag Archive for: domain

China Hosts More Malware Than Russia: Findings from DNSFilter’s 2021 Domain Threat Report | State


WASHINGTON, Nov. 2, 2021 /PRNewswire/ — AI-driven web security company DNSFilter (www.dnsfilter.com) released its annual Domain Threat Report. The research spans March 2020 through August 2021 and found that more than the COVID pandemic affected end users’ interaction with malicious sites. It identified trends among sites related to cryptocurrency, unemployment, and more.

DNSFilter blocks threats in real-time at the DNS level, stopping access to malicious domains. The information collected in DNSFilter’s 2021 Domain Threat Report is backed by their proprietary Artificial Intelligence (AI) known as Webshrinker.

DNSFilter CEO Ken Carnesi writes the foreword of the threat report and notes, “2021 was the first time we truly took stock of this DNS data and recognized that sharing it will help others secure their IT infrastructure.” Carnesi believes “this report will assist organizations better understand the current, rapidly evolving, domain landscape and make better decisions when it comes to enabling DNS security.”

COVID-19, Cryptocurrency, and China—Findings from the report

According to the report, 11.47% of COVID-related queries during the pandemic were malicious—that’s more than 1-in-10. Although media coverage of the COVID-19 pandemic has recently waned, the opportunity for malicious domains capitalizing on COVID-related searches continues. The shape these threats have taken has changed, with unemployment scams (a result of pandemic benefits) surging in mid-2021.

Cryptomining has also had a resurgence over the last year as blockchain technology and NFTs rise in popularity. Ethereum, Dogecoin, and Litecoin are more likely to be cryptomining sites, while copycat domains of Bitcoin are more likely to be phishing. 18.72% of cryptomining sites actively include terms relating to “mining” or “coin.” These sites are not necessarily hiding their intentions.

Other trends noted in this year’s report shed light on the geographic location of malicious domains. One of the more interesting findings was that China is responsible for 16.69% of all malware queries on DNSFilter’s network. However, four out of five of the ccTLDs (Country-code Top-Level Domains) with…


What Is the Future of Computer Science and Cyber Security? DNS as Internet’s DNA | Paul Vixie



Cyberium Domain Targets Tenda Routers in Botnet Campaign


Governance & Risk Management, IT Risk Management, Next-Generation Technologies & Secure Development

AT&T Alien Labs: Hackers Used Mirai Variant MooBot


Malware hosting domain Cyberium has spread Mirai variants, including one that targeted vulnerable Tenda routers, as part of a botnet campaign, AT&T Alien Labs reports.


Since March, AT&T Alien Labs, which offers an open threat intelligence community, has detected a spike in active exploitation attempts on Tenda routers by MooBot, a Mirai variant that has been active since 2019. The latest campaign targets Tenda users who have not patched a remote code execution vulnerability in the router, tracked as CVE-2020-10987.


“At the end of March, AT&T Alien Labs observed a spike in exploitation attempts for Tenda Remote Code Execution vulnerability,” says Fernando Martinez, a security researcher on the AT&T Alien Labs team. “This spike was observed throughout a significant number of clients, in the space of a few hours. This vulnerability is not commonly used by web scanners and was barely detected by our honeypots during the last six months, except for a minor peak in November.”

MooBot Campaign

The Tenda router scanning activities lasted only a day, according to AT&T Alien Labs. The malicious botnet traffic originated from a single Cyberium malware hosting domain, researchers say.

The first request to victims’ machines from this hosting page was to download a malicious script, which…


CentralNic Partners with JISC to Support Critical UK Domain Infrastructure


LONDON, March 22, 2021 /PRNewswire/ — CentralNic plc (AIM: CNIC), the fastest-growing company in the domain name industry, with over 45 million domains using its platforms, has been awarded a significant project by Jisc, the UK not-for-profit company whose role is to support UK higher and further education and research.

The project is to supply and support registry management software to underpin the domain name infrastructure of some of the UK’s most critical domain extensions, including .ac.uk, .gov.uk, .gov.scot, .gov.wales and .llyw.cymru.

“We are thrilled to have been awarded this project by Jisc,” said Gavin Brown, Head of CentralNic’s Registry Services division. “CentralNic’s registry software is the most sophisticated solution for domain registry management. This project win is doubly exciting for CentralNic. As a UK-headquartered company, we are proud to be supplying the software platform that supports the Janet Network, which is crucial to UK education and research.”

The project, which will run for a minimum of three years, will see the installation of CentralNic’s registry software and the management of .gov.uk, .gov.scot, .gov.wales and .llyw.cymru domain names globally under the administration of Jisc.

“We selected CentralNic to provide the software that supports our domain name infrastructure because of its excellent technical capability and also because of its impressive track-record,” said Steve Kennett, Executive director of e-infrastructure at Jisc. “Having operated for more than 20 years, CentralNic’s software platform already supports more than 20 million domain names and hosts nearly 50% of all new-style domain names globally. This proven stability and CentralNic’s clear understanding of our requirements made it the obvious choice for technology partner.”

About CentralNic Group plc 
CentralNic (AIM: CNIC) is a global company listed on the London Stock Exchange that drives the growth of the global digital economy by developing and managing software platforms allowing businesses to buy subscriptions to domain names and related services, including protecting their brands online. In addition to providing core infrastructure services for the internet,…
