Active Cyber Defence – Case Studies for Defending Public Institutions

Discussion in 'Nominet General Information' started by Acorn Newsbot, Jul 29, 2019.

  1. Acorn Newsbot (Junior Member; joined Jan 2006; Posts: 21,919; Likes Received: 33)

    One of the most interesting elements of the Active Cyber Defence – The Second Year report from a Nominet perspective is the three case studies. Each example showcases real-life cyber defence where a number of indicators set in motion a series of events to protect our public institutions – such as a school – from cyber attack.

    Not only do the case studies show the very real threat facing public institutions but they also demonstrate the type of remedial action needed to counteract an attack.

    Let’s take a look in a little closer detail. Here are the scenarios:

    • Remediating a worm at a local authority
      When Ramnit – a worm affecting Windows systems – was suspected, an investigation showed that PDNS was blocking malicious domain name lookups from infected machines that were not protected by an endpoint security solution.
    • USB infection
      Malware originating from an infected USB stick was found through indicators from the PDNS service.
    • Multiple internet connections
      A constant desire to ‘always be connected’ means that security teams are constantly tackling new devices gaining access to the network. In some cases, these are connected specifically because employees want to bypass policy controls; e.g. they are prevented from downloading a specific piece of software. One of these connections was found to have been harnessed by an attacker who was detected by the PDNS service as they pivoted through the target network.

    The full report can explain exactly what tools and techniques were used to collaboratively counteract these and other threats but, from our perspective, let’s look at the role of DNS-based security.

    The PDNS service is constantly monitoring traffic for requests to resolve malicious domains that are flagged from threat intelligence feeds. This raw data is analysed in real time by both the NCSC and our team at Nominet, drawing attention to any incidents and risk areas.

    In the first two incidents the PDNS service recognised a threat that had penetrated beyond the existing security precautions, while in the third, the PDNS service recognised indicators of a threat on the network which was traced back to an unsanctioned connection to the internet.

    It wasn’t just these instances that PDNS played a role in either – it is estimated that PDNS is protecting 1.4 million employees in the public sector from visiting malicious sites. Check out my previous blog to see how many queries were handled and blocked, including WannaCry, BadRabbit and evidence of attempts to spread the Conficker worm.

    The Domain Name System (DNS) provides invaluable insight into potential threats on the network. As proven here, the fact that DNS is ubiquitous gives it a unique perspective on network-connected devices. Even when other technologies fail, even when processes fall down and employees are – knowingly or unknowingly – putting the corporate network at risk, DNS-based security can save the day.

    The post Active Cyber Defence – Case Studies for Defending Public Institutions appeared first on Nominet.

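The post describes PDNS matching resolver queries against threat-intelligence blocklists and surfacing the hosts behind them. The script below is an added illustration of that detection step, not Nominet, NCSC or PDNS code: it parses a constructed resolver log, matches each queried name (and its parent domains) against a constructed blocklist, and classifies each flagged client. It goes slightly beyond the text by also tagging the two follow-up questions the case studies raise, whether the client is covered by endpoint protection (first case) and whether its address sits inside the sanctioned network ranges (third case). All domains, addresses, ranges and log lines are placeholders.

```python
"""Model of protective-DNS detection: blocklist matching over resolver logs.

Added example, not PDNS code. Every domain, address and log line below is
constructed for illustration; the blocklist would in practice come from
threat-intelligence feeds and the inventories from asset/EDR consoles.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Set, Tuple

# Constructed blocklist: domain -> threat-intel tag.
BLOCKLIST: Dict[str, str] = {
    "c2-placeholder.example": "worm-c2",
    "update-placeholder.example": "dropper",
}

# Constructed: address ranges handed out by the sanctioned corporate network.
# A flagged client outside these ranges points at an unsanctioned connection.
SANCTIONED_RANGES = [ip_network("10.20.0.0/16")]

# Constructed: hosts the endpoint-security console reports as covered.
PROTECTED_HOSTS = {"10.20.1.5"}

# Constructed resolver log: timestamp client qtype qname rcode.
SAMPLE_LOG = """\
2019-07-29T08:00:01Z 10.20.1.5 A intranet.example NOERROR
2019-07-29T08:00:02Z 10.20.1.9 A c2-placeholder.example NXDOMAIN
2019-07-29T08:00:05Z 10.20.1.9 A c2-placeholder.example NXDOMAIN
2019-07-29T08:00:07Z 10.20.1.9 A sub.c2-placeholder.example NXDOMAIN
2019-07-29T08:00:09Z 10.20.1.5 A update-placeholder.example NXDOMAIN
2019-07-29T08:00:11Z 192.168.44.3 A c2-placeholder.example NXDOMAIN
2019-07-29T08:00:12Z 10.20.1.7 A www.example NOERROR
"""


@dataclass
class Query:
    ts: str
    client: str
    qtype: str
    qname: str
    rcode: str


@dataclass
class Finding:
    client: str
    protected: bool
    sanctioned: bool
    hits: int = 0
    domains: Set[str] = field(default_factory=set)
    tags: Set[str] = field(default_factory=set)


def parse_line(line: str) -> Query:
    """Split one whitespace-separated log record into its five fields."""
    ts, client, qtype, qname, rcode = line.split()
    return Query(ts, client, qtype, qname, rcode)


def blocklist_match(qname: str) -> Optional[Tuple[str, str]]:
    """Return (listed_domain, tag) if qname or any parent domain is listed."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None


def is_sanctioned(client: str) -> bool:
    addr = ip_address(client)
    return any(addr in net for net in SANCTIONED_RANGES)


def analyse(log_text: str) -> Dict[str, Finding]:
    """Aggregate blocked lookups per client address."""
    findings: Dict[str, Finding] = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        q = parse_line(raw)
        match = blocklist_match(q.qname)
        if match is None:
            continue
        domain, tag = match
        f = findings.get(q.client)
        if f is None:
            f = Finding(q.client, q.client in PROTECTED_HOSTS, is_sanctioned(q.client))
            findings[q.client] = f
        f.hits += 1
        f.domains.add(domain)
        f.tags.add(tag)
    return findings


def classify(f: Finding) -> str:
    """Pick the remediation track the case studies describe."""
    if not f.sanctioned:
        return "unsanctioned-connection"   # trace the network path first
    if not f.protected:
        return "unprotected-host"          # isolate, then scan and enrol in EDR
    return "protected-host"                # EDR present but missed it: check coverage


def report(log_text: str) -> Dict[str, str]:
    return {client: classify(f) for client, f in analyse(log_text).items()}


if __name__ == "__main__":
    for client, f in sorted(analyse(SAMPLE_LOG).items(), key=lambda kv: -kv[1].hits):
        print(f"{client:14} hits={f.hits} class={classify(f)} "
              f"tags={sorted(f.tags)} domains={sorted(f.domains)}")
```

Matching walks up the label chain so that a lookup of a sub-label under a listed domain still counts; real feeds also carry exact-match and wildcard entries, which the same loop handles if the feed is normalised to bare domains first.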