By Ellen Messmer, Network World | August 5th, 2014
‘Dynamic DNS’ also increasingly exploited by cyber-criminals for botnet operations.
In its semi-annual threat report out today, Cisco points to an “unusual uptick” in attacks on media and publishing, making that sector the top target for malware.
For the first half of 2014, media and publishing sites had the dubious distinction of being in first place in terms of visitors being at risk for malware, sometimes because the sites were serving up “malvertising” instead of advertising. Malvertising often works by trying to redirect browsers, through methods such as iFrame attacks, to links elsewhere, says Levi Gundert, technical lead for Cisco’s threat research, analysis and communications group.
Another trend identified in the report, which analyzes threat data gathered from sensors and from intelligence collected through Cisco cloud security services, is the rising use of so-called “Dynamic DNS” services by cyber-criminals to help them flexibly serve up malware.
Services such as Dyn DNS and NoIP, for example, which are operated legitimately, are being exploited by criminals to a high degree as part of their botnet operations. For the enterprise customer, this means there’s clear cause to view Dynamic DNS as a suspicious event in logs and perhaps block it. “The correlation is so high,” says Gundert. “Businesses are blocking handfuls of Dynamic DNS.”
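As an added illustration (not from Cisco's report or the article), here is one way to treat Dynamic DNS lookups as a suspicious log event: flag resolver queries for hostnames under Dynamic DNS provider zones and group them by client. The log format, the sample lines and the short zone list are assumptions made for the example; a real deployment would use its resolver's own log format and a maintained provider list.

```python
import re
from collections import defaultdict

# Assumption: illustrative provider zones; replace with a maintained list.
DDNS_ZONES = {"dyndns.org", "no-ip.org", "ddns.net"}

# Constructed sample resolver log lines (hypothetical format).
SAMPLE_LOG = """\
2014-08-05T10:01:02Z client=10.0.0.5 query=www.example.com. type=A
2014-08-05T10:01:07Z client=10.0.0.5 query=Sample-A.DynDNS.org. type=A
2014-08-05T10:01:09Z client=10.0.0.9 query=notdyndns.org. type=A
2014-08-05T10:02:11Z client=10.0.0.5 query=sample-b.ddns.net type=A
2014-08-05T10:02:30Z client=10.0.0.7 query=a.b.no-ip.org. type=AAAA
2014-08-05T10:03:00Z malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) query=(\S+) type=(\S+)$")


def ddns_zone(qname):
    """Return the DDNS zone that qname sits under, or None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare suffixes on label boundaries so "notdyndns.org" does not
    # match "dyndns.org". Starting at 1 requires at least one label below
    # the zone, so the provider's own apex is not flagged.
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DDNS_ZONES:
            return candidate
    return None


def flag_ddns_queries(log_text):
    """Map each client to the sorted DDNS hostnames it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        _, client, qname, _ = m.groups()
        if ddns_zone(qname):
            hits[client].add(qname.rstrip(".").lower())
    return {c: sorted(h) for c, h in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(flag_ddns_queries(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(names))
```

The per-client grouping gives an analyst a starting point for review before deciding whether to block a provider zone outright.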