Tag Archive for: Infoblox

Infoblox discovers rare Decoy Dog C2 exploit


Domain security firm Infoblox discovered a command-and-control exploit that, while extremely rare and complex, could be a warning growl from a new, as-yet anonymous state actor.

[Image: illustrated rat wearing sunglasses in front of a blue background. Credit: andrenascimento/Adobe Stock]

If you search for the most recent reports on Domain Name System attacks, you may have a hard time finding one more recent than IDC's 2021 report, which noted that 87% of organizations experienced a DNS attack during 2020.

The fact that DNS isn't front-of-mind nomenclature for many attacks that actually put DNS in the attack chain may have to do with the security alphabet soup of DNS over TLS or DNS over HTTPS. As a Cloudflare report explains, DNS over TLS and DNS over HTTPS encrypt otherwise plaintext DNS queries, keeping browsing secure and private.


Still, Akamai's Q3 DNS threat report noted a 40% increase in DNS attacks in that quarter last year, and 14% of all protected devices communicated with a malicious destination at least once in the third quarter last year.


Infoblox Threat Intelligence Group, which says it analyzes billions of DNS records and millions of domain-related records each day, has reported a new malware toolkit called Decoy Dog that uses a remote access trojan called Pupy.

Renée Burton, senior director of threat intelligence at Infoblox, said Pupy is an open-source product that is very difficult to use and not well documented. Infoblox found the Decoy Dog toolkit, which uses Pupy, in fewer than 3% of all networks, and the threat actor who controls Decoy Dog is connected to just 18 domains.

“We discovered it through our series of anomaly detectors and learned that Decoy Dog activities have been operating a data exfiltration command and control, or C2, system for over a year, starting early April 2022,” Burton said. “Nobody else knew.”

Russian hound

When Infoblox analyzed the queries in external global DNS data, the firm’s researchers found that the Decoy Dog C2 originated almost exclusively from hosts in Russia.

“One of the main dangers is nobody knows what it is,” Burton said. “That means something is compromised and someone…


Infoblox Expands Security Offerings to Help Protect Against DNS Security … – DailyFinance

When malware tries to connect to one of these malicious domains to reach its botnet controller, DNS Firewall will block that connection and log the access attempt for remediation by the security team. In addition, the Infoblox … With the new Infoblox DHCP …
