Suspicious DNS activity runs rife

Nearly half (40 per cent) of enterprise networks tested by security appliance firm Infoblox show evidence of DNS tunnelling.

DNS tunnelling is symptomatic of active malware or ongoing data exfiltration within an organisation’s network. Infoblox’s latest quarterly security assessment report (pdf) also measured the prevalence of other specific security threats, including botnets, DDoS traffic and ransomware.

In the second quarter of 2016, 559 files capturing DNS traffic were uploaded to Infoblox for assessment, coming from 248 customers across a wide range of industries and geographies. Two-thirds of these files showed evidence of suspicious DNS activity.
