Infoblox Pledges Commitment to Advancing Cybersecurity: Signs Secure by Design Pledge
Infoblox
by Padmini Kao
2d ago
Authored by:
– Padmini Kao, Executive Vice President, Engineering
– Mukesh Gupta, Senior Vice President and Chief Product Officer
As a leader in cloud networking and cybersecurity services, Infoblox is proud to demonstrate our dedication to advancing cybersecurity by signing CISA’s Secure by Design pledge. DNS (Domain Name System) is the backbone of every network. Infoblox is the pioneer and industry leader in DNS and related services (DHCP & IPAM) that make all network interactions possible. Infoblox is also the leading creator of DNS threat intelligence. We are committed to innovating ar ..read more
Five Eyes Joint Advisory on Volt Typhoon Chinese State-Sponsored Threat Actor
Infoblox
by Michael Zuckerman
2d ago
What You Need to Know
Earlier in February 2024, the Cybersecurity and Infrastructure Security Agency (CISA) put out an alert on Volt Typhoon. Volt Typhoon, also known as Bronze Silhouette, is a People’s Republic of China (PRC) state-sponsored actor that has been active since at least 2021. Volt Typhoon has in the past focused on espionage and information gathering and has targeted critical infrastructure organizations in the US including Guam. Volt Typhoon has emphasized stealth in operations using web shells, living-off-the-land (LOTL) binaries, hands-on keyboard activities, and stolen creden ..read more
DNS Early Detection – Breaking the GoldFamily Kill Chain
Infoblox
by Michael Zuckerman
1w ago
DNS Early Detection – GoldFamily Malware Uses Deep Fake AI Photos to Breach Bank Accounts
Cybersecurity researchers have discovered activity by a new group of dangerous trojans called GoldPickaxe, an evolution of the previously identified GoldDigger trojan. In this analysis, we refer to this group as GoldFamily. GoldFamily specifically targets iPhone and iPad users to steal facial recognition data and gain access to their bank accounts. The use of AI by GoldFamily makes it particularly dangerous as it can successfully attack authentication processes, such as certain types of biometrics, that w ..read more
Drastically Reduce MTTD and Stop Zero Day DNS Attacks Within Minutes
Infoblox
by Krupa Srivatsan
1w ago
Phishing and spear phishing are not new attack methods. But they continue to be effective despite the use of a myriad of security technologies as part of defense in depth by most organizations. In 2022, 66% of data breaches were due to spear phishing. 81% of organizations experienced at least one phishing attack per 2023 CyberRisk Alliance report (up from 58% in 2022) and 75% of organizations faced smishing (SMS phishing) attacks, according to Proofpoint 2024 State of Phish report. So, the attack technique is not going away any time soon. But they have gotten more creative. Spear phishing ofte ..read more
Catching Threat Actors in DNS Using Infoblox Threat Intel
Infoblox
by Krupa Srivatsan
1w ago
In today’s interconnected world, cyber threats pose a significant risk to organizations of all sizes. From sophisticated spear phishing attacks to MFA attacks that use lookalike domains to Traffic Distribution Systems (TDS), the threat landscape continues to evolve at a faster pace than existing defenses, causing breaches and data theft. In many of the attacks, threat actors age their domains for a very long time, sometimes even 120 days after the domains are registered. In other cases, threat actors are very quick and use registered domains within a few hours, targeting specific organizations ..read more
A Cunning Operator: Muddling Meerkat and China’s Great Firewall
Infoblox
by Renée Burton
1w ago
This blog contains an excerpt of our new paper that unveils a previously unpublished multi-year operation using Domain Name System (DNS) queries, open DNS resolvers, and China’s Great Firewall. We detail what is known about the operation today and how to identify it in DNS logs. Further, we show that during these operations, the Great Firewall responds in a manner not previously documented, indicating that the threat actor is a Chinese nation state actor. This research highlights the ability and appetite of sophisticated actors to conduct extended operations undetected – analogous to the recen ..read more
DNS Early Detection – Cobalt Strike DNS C2
Infoblox
by Michael Zuckerman
1w ago
DNS Early Detection – Proof of Value Study
In this blog, we present a proof of value study demonstrating the value of detecting attempted DNS exfiltration and Command and Control (C2) communications. Our focus is on two anonymized customers: a large e-commerce/retail company (Customer #1) and an educational institution (Customer #2). This study shows how the use of both our Suspicious Domain feeds and our Threat Insight capability that inspects customer network DNS traffic can work to protect the enterprise. The intriguing aspect of this proof of value study lies in the diverse decisions made ..read more
New CISA, FBI, and MS-ISAC Alert on Defenses Against Distributed Denial of Service (DDoS) Attacks
Infoblox
by Michael Zuckerman
3w ago
What You Need to Know
On March 21, 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint distributed denial-of-service (DDoS) attack guidance for federal, state, local, tribal, and territorial government entities to serve as a comprehensive resource to address the specific needs and challenges faced by government agencies in defending against DDoS attacks. Distributed denial-of-service attacks typically originate from multiple sources, making them difficu ..read more
Do I Really Need DDI?
Infoblox
by Cricket Liu
3w ago
First, let’s address the obvious: The answer to this question isn’t going to surprise you, coming from an employee of a company that sells DDI solutions. So maybe the better question is Why do I really need DDI? DDI, of course, is the abbreviation for DNS, DHCP and IPAM, which are, respectively, the Domain Name System, the Dynamic Host Configuration Protocol, and IP Address Management. Almost anyone likely to read this blog is familiar with DNS and DHCP, so I’ll take it as a given that I don’t need to argue why they’re critical. But DDI solutions do more than deliver DN ..read more
The Transformation of Infoblox Threat Intel – Part 1
Infoblox
by Alex del Rio
3w ago
Certain life events are unforgettable – your first kiss, your first date, and more! For those of us in the world of computer networking and cybersecurity, there are other special moments. These might include your first computer, your first computer game, your first encounter with a virus, your first firewall, and your first time dealing with Conficker. Yes, I know, I’ve been around for a while! When I embarked on this journey, there was no such thing as “cyber” anything, let alone the Internet. Then came networks, followed by the Internet, v ..read more