Many enterprise networks show signs of malicious DNS activity

More than four-fifths of recently tested enterprise networks show evidence of malicious DNS activity.

Those are the findings of a new report by Infoblox, the network control company. It analysed 519 DNS traffic captures from 235 customers across various verticals during the first quarter of 2016, and found suspicious DNS activity in 83 per cent of them.

The most common threats were botnets (54 per cent) and protocol anomalies (54 per cent), followed by DNS tunnelling (18 per cent), ZeuS malware (17 per cent) and distributed denial-of-service (DDoS) traffic (15 per cent).

Other threats observed include CryptoLocker ransomware, amplification and reflection traffic, and Heartbleed.

“This result is consistent with what security professionals have been saying for some time: Perimeter defence is no longer sufficient, because almost all large enterprise networks have been compromised to a greater or lesser extent,” said Craig Sanderson, senior director of security products at Infoblox. “The new mandate for enterprise security teams is to quickly discover and remediate threats inside the network, before they cause significant damage.”

DNS telemetry is also a valuable asset for finding threats that target organisations in order to steal data, Sanderson added.

“The good news is that DNS is also a powerful enforcement point within the network. When suspicious DNS activity is detected, network administrators and security teams can use this information to quickly identify and remediate infected devices—and can use DNS firewalling as well to prevent malware inside the network from communicating with command-and-control servers.”
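Two of the ideas above, spotting DNS tunnelling in query logs and using DNS firewalling (a response-policy-zone style blocklist) as an enforcement point, can be demonstrated in a few lines. The following is an added example written for this page, not code from Infoblox or from the report: it parses a constructed sample of DNS query log lines (the log format, client addresses, domain names and the blocklist are all hypothetical), flags queries whose subdomain payload is long and high-entropy, which is the signature of data being smuggled in query names, and returns an RPZ-style NXDOMAIN verdict for names under a known command-and-control domain. The registered-domain split (last two labels) is a simplifying assumption; a production detector would use the Public Suffix List and tune the thresholds against baseline traffic.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample DNS query log in a hypothetical "timestamp client qtype qname" format.
# These lines are made up for this example; they are not from the Infoblox report or any real capture.
SAMPLE_LOG = """\
2016-03-01T10:00:01 10.1.4.22 A www.example.com
2016-03-01T10:00:02 10.1.4.22 AAAA mail.example.com
2016-03-01T10:00:03 10.1.4.57 TXT 6a2f9c1e4b7d8a3f5c0e2b9d1f4a7c6e.8b3d5f1a9c2e7b4d.tun.example.net
2016-03-01T10:00:04 10.1.4.57 TXT 3e5c7a1f9b2d4e6c8a0f1b3d5e7c9a2b.4f6a8c0e2b1d3f5a.tun.example.net
2016-03-01T10:00:05 10.1.4.57 TXT 9c1e3a5f7b2d4e6c8a0f2b4d6e8c1a3f.5b7d9f1a3c5e7b2d.tun.example.net
2016-03-01T10:00:06 10.1.4.90 A evil-c2.example.org
2016-03-01T10:00:07 10.1.4.22 A cdn.example.com
"""

# Hypothetical RPZ-style blocklist of C2 domains; a real deployment feeds this from threat intelligence.
RPZ_BLOCKLIST = {"evil-c2.example.org"}

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")

# Tunnelling heuristics (assumed values for this example, to be tuned against real baseline traffic).
MIN_PAYLOAD_LEN = 32   # characters of subdomain payload before a name is considered suspicious
MIN_ENTROPY = 3.5      # bits per character; hex/base32 payloads sit near 4, hostnames well below
SUSPECT_BURST = 3      # flagged queries from one client before it is reported


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Parse the hypothetical log format into dicts; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["qname"] = row["qname"].rstrip(".").lower()
            rows.append(row)
    return rows


def subdomain_payload(qname):
    """Everything left of the registered domain, assumed here to be the last two labels."""
    labels = qname.split(".")
    return "".join(labels[:-2]) if len(labels) > 2 else ""


def is_tunnel_candidate(qname):
    """Long, high-entropy subdomain payloads are the hallmark of DNS tunnelling."""
    payload = subdomain_payload(qname)
    return len(payload) >= MIN_PAYLOAD_LEN and shannon_entropy(payload) >= MIN_ENTROPY


def rpz_action(qname, blocklist=RPZ_BLOCKLIST):
    """RPZ-style policy: the name itself or any parent domain on the blocklist gets NXDOMAIN."""
    labels = qname.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return "NXDOMAIN"
    return None


def analyse(text, blocklist=RPZ_BLOCKLIST):
    """Run both checks over a log and summarise: blocked C2 lookups and clients with tunnelling bursts."""
    blocked = []
    per_client = defaultdict(int)
    for row in parse_log(text):
        if rpz_action(row["qname"], blocklist):
            blocked.append((row["client"], row["qname"]))
        if is_tunnel_candidate(row["qname"]):
            per_client[row["client"]] += 1
    suspects = {client: n for client, n in per_client.items() if n >= SUSPECT_BURST}
    return {"blocked": blocked, "tunnel_suspects": suspects}


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for client, qname in report["blocked"]:
        print(f"RPZ NXDOMAIN: {client} asked for {qname}")
    for client, n in report["tunnel_suspects"].items():
        print(f"tunnelling suspect: {client} ({n} high-entropy queries)")
```

Run against the constructed log, the script reports the client querying the blocklisted C2 domain and the client that issued a burst of long hex-encoded TXT lookups under tun.example.net, while the ordinary www, mail and cdn lookups pass untouched. The blocklist lookup walks up the label hierarchy so that subdomains of a blocked domain are also answered with NXDOMAIN, which is how an RPZ entry for a domain behaves.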


Image source: Shutterstock/Sergey Nivens