{"id":5778,"date":"2020-12-16T14:41:34","date_gmt":"2020-12-16T22:41:34","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=5778"},"modified":"2024-08-07T12:22:48","modified_gmt":"2024-08-07T19:22:48","slug":"cisos-expecting-dns-attacks-over-the-holidays","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/","title":{"rendered":"CISOs Expecting DNS Attacks Over the Holidays"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks<sup>1<\/sup><\/span><span style=\"font-weight: 400;\">. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches<sup>2<\/sup><\/span><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%<sup>3<\/sup><\/span><span style=\"font-weight: 400;\">. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">DNS Attacks Front and Center<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">The NISC council ranked domain hijacking (41%) followed by DNS spoofing\/cache poisoning, DNS tunneling, and zombie domain attacks. Over half of those surveyed had been impacted by one of these attacker techniques over the past year.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cActing as the Internet\u2019s address book and backbone of today\u2019s digital services, it\u2019s unsurprising that DNS is an increasingly appealing vector for malicious actors, particularly as more consumers turn to websites during peak online shopping periods,\u201d said Rodney Joffe, Chairman of NISC. \u201cWhen successful, DNS attacks can have damaging repercussions to an organization\u2019s online presence, brand and reputation. A domain hijacking attack, for example, can result in hackers taking control of a company\u2019s domain and using it to host malware or launch phishing campaigns that evade spam filters and other reputational protections. In a worst-case scenario, this type of attack can even lead to an organization losing its domain altogether.\u201d<\/span><\/p>\n<p><span style=\"font-weight: 400;\">\u201cWhile organizations are aware of the severity of DNS attacks, it\u2019s important that they continue to take proactive steps to protect themselves and their customers against the different threats,\u201d Joffe continued. \u201cThis should involve regular DNS audits and constant monitoring to ensure a thorough understanding of all DNS traffic and activity. Crucially, DNS data can also provide organizations with timely, actionable and important threat insights, allowing them to not only protect against DNS-related threats, but also mitigate the vast majority of malware, viruses and suspicious content before critical systems are infiltrated.\u201d<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">What You Need to Know<\/span><\/i><\/h3>\n<p><b>DNS Hijacking<\/b><span style=\"font-weight: 400;\"> refers to any attack that confuses the end-user into thinking he or she is communicating with a legitimate domain name when in reality they are communicating with a malicious domain name or IP address that the attacker has set up. This is also sometimes called DNS Redirection.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are many ways to perform DNS Hijacking, the most common way we see is used by a captive portal such as a pay-for-use WiFi hotspot: before the user pays for access, the hotspot service captures all DNS queries, and regardless of what was asked, it returns the IP address of the payment server so the user can purchase WiFi access.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Changing the client device setting to use a different DNS server is another common method of attack. The attacker could change the user\u2019s DNS setting, so instead of using the correct address, it uses the IP address of a DNS server under the attacker\u2019s control. When the user queries for bank.example.com, the attacker\u2019s DNS server could return an IP address disguised as the target website, or act as a proxy to capture all the data sent to the real website.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Another way is to gain unauthorized access to the authoritative DNS data, such as stealing someone\u2019s password, exploiting the DNS entry system vulnerability, or some other clever technique. An example of this was in the news in 2019 when the Department of Homeland Security (DHS) issued an emergency directive<sup>4<\/sup><\/span><span style=\"font-weight: 400;\"> due to malicious tampering of government DNS entries.<\/span><\/p>\n<p><b>Lookalike domains <\/b><span style=\"font-weight: 400;\">have been front and center as a threat actor technique for quite a while. Some attacks play on the fact that certain domains look similar when using different fonts or encoding. This type of attack is also known as a Lookalike or homograph attack. Lookalike domains are created, for example, by substituting a \u201c1\u201d to replace an \u201cI\u201d (capital i) in a domain name or a URL. Many character substitutions can be detected, but we tend to see what we expect to see. These substitutions are often overlooked and missed by the targeted victims. I use this example for Yahoo very frequently to illustrate how relatively easy this is to do:<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"text-align: center;\"><b>\u201c\u0423\u0410\u041d\u041e\u041e\u201d is not the same as \u201cYAHOO\u201d<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">Researchers also find that cybercriminals use valid Transport Layer Security (TLS) certificates to make the lookalike domains appear legitimate. In late 2019, researchers noted that more than 100,000 lookalike domains were impersonating legitimate owners. In some instances, extra words or characters are added to complete the deception. In other cases, different characters are substituted, from other languages or fonts. With support for international characters in DNS, it is even more difficult to spot the difference between similarly spelled terms.<\/span><\/p>\n<p><b>DNS Spoofing<\/b><span style=\"font-weight: 400;\"> refers to any attack that tries to change the DNS records returned to a querier to a response the attacker chooses. This can include some of the techniques described in DNS Hijacking, the use of cache poisoning, or some type of man-in-the-middle style attack. Sometimes, we use the term DNS Hijacking and DNS Spoofing interchangeably.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As described in the DNS Hijacking section, this technique is widely used by pay-for-use WiFi hotspots at airports and hotels, and sometimes as a means of quarantine by network security teams to isolate an infected device.<\/span><\/p>\n<p><b>Cache poisoning<\/b><span style=\"font-weight: 400;\"> is a more specific type of attack targeting caching name servers in an attempt to control the answers stored in the DNS cache. There are different methods to carry out this attack, but they typically involve flooding the recursive server with forged DNS responses, changing the query ID in each response hoping to guess the right ID at just the right time. This attack is very difficult to detect, and very difficult to guard against unless DNSSEC is fully deployed. But if the attackers were successful, the payoff can be huge. The attackers can potentially impact thousands of users who use the recursive name server that hold the corrupted answers, and this poisoned entry can propagate to other caching servers and affect more users.<\/span><\/p>\n<h3><i><span style=\"font-weight: 400;\">Protecting DNS with Foundational Security\u00a0<\/span><\/i><\/h3>\n<p><span style=\"font-weight: 400;\">BloxOne Threat Defense and Advanced DNS Protection from Infoblox provide a three pronged approach to detecting and blocking attacks using a combination of signature, reputation and analytics based detection. BloxOne Threat Defense uses behavior analytics combined with machine learning to perform real-time analysis of incoming DNS queries, including entropy, n-gram, lexical, size, and frequency analysis, to detect DNS tunnels. Threat Insight, the component in BloxOne Threat Defense that does this, also reduces false positives by detecting benign usage of DNS tunnels. BloxOne also detects and blocks phishing, exploits, ransomware, and other malware.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNS tunneling can be detected with two important methods\u2014using threat intelligence to find known tunnels (for example, known malicious IPs and known bad domains) or using behavior-based analytics to detect known or previously unknown methods of DNS tunneling. Infoblox uses both methods to uncover previously unknown attacks.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">BloxOne Threat Defense also offers Custom Lookalike Domain Monitoring to enable you to stop lookalike socially engineered attacks upon your team and your infrastructure proactively. You can submit your domain or domains frequently used by your organization to the Infoblox Cyber Intelligence Unit (CIU). The CIU will analyze and identify likely lookalike domains that will require monitoring. If these lookalike domains generate any suspicious activity, your organization will promptly receive an alert to potential damaging activity and block access to these malicious domains.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">BloxOne also provides deep visibility into compromised devices or potential insider threats by giving detailed information such as device type, IP address, MAC address, and, most importantly, the user associated with the device trying to exfiltrate data. This greatly reduces the time to identify and remediate threats. Security teams can be more productive, identify threats faster, and reduce the risk of a potential breach.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Advanced DNS Protection c<\/span><span style=\"font-weight: 400;\">omprehensively defends the external (Internet facing) and internal DNS server from the widest range of DNS-based attacks, including DNS hijacking, DNS DDoS, NXDOMAIN and cache poisoning, while maintaining service availability and business continuity. The solution intelligently detects and\u00a0<\/span><span style=\"font-weight: 400;\">mitigates DNS attacks while responding only to legitimate DNS\u00a0<\/span><span style=\"font-weight: 400;\">queries, without the need to deploy security patches. With Infoblox, you can take <\/span><span style=\"font-weight: 400;\">network reliability to the next level by ensuring that your critical <\/span><span style=\"font-weight: 400;\">infrastructure\u2014and your business\u2014keep working at all times.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Learn more about DNS security here:<\/span><\/p>\n<p><a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\"><span style=\"font-weight: 400;\">https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you want to know more, please reach out to us directly via <\/span><a href=\"https:\/\/info.infoblox.com\/contact-form\" target=\"_blank\" rel=\"noopener\">https:\/\/info.infoblox.com\/contact-form<\/a>.<\/p>\n<p>Endnotes<\/p>\n<p><sup>1<\/sup><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/cisos-dns-christmas\/\">https:\/\/www.infosecurity-magazine.com\/news\/cisos-dns-christmas\/<\/a><\/p>\n<p><sup>2<\/sup><a href=\"https:\/\/advanced-television.com\/2020\/12\/11\/report-78-cyber-pros-expect-increase-in-dns-threats\/\">https:\/\/advanced-television.com\/2020\/12\/11\/report-78-cyber-pros-expect-increase-in-dns-threats\/<\/a><\/p>\n<p><sup>3<\/sup><a href=\"https:\/\/www.f5.com\/labs\/articles\/threat-intelligence\/how-cyber-attacks-changed-during-the-pandemic\">https:\/\/www.f5.com\/labs\/articles\/threat-intelligence\/how-cyber-attacks-changed-during-the-pandemic<\/a><\/p>\n<p><sup>4<\/sup><a href=\"https:\/\/cyber.dhs.gov\/ed\/19-01\/\">https:\/\/cyber.dhs.gov\/ed\/19-01\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks1. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday [&hellip;]<\/p>\n","protected":false},"author":324,"featured_media":5779,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[360,383,384,385,386,387,388,189],"class_list":{"0":"post-5778","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-dns-security","9":"tag-holidays","10":"tag-christmas","11":"tag-dns-hijacking","12":"tag-lookalike-domains","13":"tag-dns-spoofing","14":"tag-cache-poisoning","15":"tag-cybersecurity","16":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>CISOs Expecting DNS Attacks Over the Holidays<\/title>\n<meta name=\"description\" content=\"CISOs Expecting DNS Attacks Over the Holidays, It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches.In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISOs Expecting DNS Attacks Over the Holidays\" \/>\n<meta property=\"og:description\" content=\"CISOs Expecting DNS Attacks Over the Holidays, It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches.In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2020-12-16T22:41:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-07T19:22:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Attacks-over-holidays-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"485\" \/>\n\t<meta property=\"og:image:height\" content=\"337\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Michael Zuckerman\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Zuckerman\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/\"},\"author\":{\"name\":\"Michael Zuckerman\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\"},\"headline\":\"CISOs Expecting DNS Attacks Over the Holidays\",\"datePublished\":\"2020-12-16T22:41:34+00:00\",\"dateModified\":\"2024-08-07T19:22:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/\"},\"wordCount\":1449,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Attacks-over-holidays-1.png\",\"keywords\":[\"DNS Security\",\"holidays\",\"christmas\",\"dns hijacking\",\"lookalike domains\",\"dns spoofing\",\"cache poisoning\",\"Cybersecurity\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/\",\"name\":\"CISOs Expecting DNS Attacks Over the Holidays\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Attacks-over-holidays-1.png\",\"datePublished\":\"2020-12-16T22:41:34+00:00\",\"dateModified\":\"2024-08-07T19:22:48+00:00\",\"description\":\"CISOs Expecting DNS Attacks Over the Holidays, It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches.In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Attacks-over-holidays-1.png\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Attacks-over-holidays-1.png\",\"width\":485,\"height\":337},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/cisos-expecting-dns-attacks-over-the-holidays\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"CISOs Expecting DNS Attacks Over the Holidays\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/212816c17be869578ba1574b5fc7abf4\",\"name\":\"Michael Zuckerman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_324_1628613720-96x96.jpg\",\"caption\":\"Michael Zuckerman\"},\"description\":\"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/michael-zuckerman\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"CISOs Expecting DNS Attacks Over the Holidays","description":"CISOs Expecting DNS Attacks Over the Holidays, It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches.In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/","og_locale":"en_US","og_type":"article","og_title":"CISOs Expecting DNS Attacks Over the Holidays","og_description":"CISOs Expecting DNS Attacks Over the Holidays, It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches.In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/","og_site_name":"Infoblox Blog","article_published_time":"2020-12-16T22:41:34+00:00","article_modified_time":"2024-08-07T19:22:48+00:00","og_image":[{"width":485,"height":337,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Attacks-over-holidays-1.png","type":"image\/png"}],"author":"Michael Zuckerman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Michael Zuckerman","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/"},"author":{"name":"Michael Zuckerman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4"},"headline":"CISOs Expecting DNS Attacks Over the Holidays","datePublished":"2020-12-16T22:41:34+00:00","dateModified":"2024-08-07T19:22:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/"},"wordCount":1449,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Attacks-over-holidays-1.png","keywords":["DNS Security","holidays","christmas","dns hijacking","lookalike domains","dns spoofing","cache poisoning","Cybersecurity"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/","url":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/","name":"CISOs Expecting DNS Attacks Over the Holidays","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Attacks-over-holidays-1.png","datePublished":"2020-12-16T22:41:34+00:00","dateModified":"2024-08-07T19:22:48+00:00","description":"CISOs Expecting DNS Attacks Over the Holidays, It looks like the Grinch that might steal Christmas will use DNS-based attacks. According to a just-released report,78 percent of cybersecurity professionals surveyed expect to see an increase in DNS-related security threats over the next few weeks. In order to prepare for these attacks, approximately 59 percent have altered their DNS security as the holiday season approaches.In 2020, the number of all DDoS attacks reported to the F5 SIRT identified as DNS amplification nearly doubled, to 31%. During the 2020 period, 12% of the DDoS attacks were malicious DNS requests against customer DNS servers.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Attacks-over-holidays-1.png","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Attacks-over-holidays-1.png","width":485,"height":337},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/cisos-expecting-dns-attacks-over-the-holidays\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"CISOs Expecting DNS Attacks Over the Holidays"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/212816c17be869578ba1574b5fc7abf4","name":"Michael Zuckerman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_324_1628613720-96x96.jpg","caption":"Michael Zuckerman"},"description":"Michael Zuckerman is a seasoned B2B product marketing and marketing strategy consultant with experience in the cybersecurity marketplace. Zuckerman\u2019s domain experience in cybersecurity over the past 10 years includes DNS security, threat intelligence, threat intelligence platforms (TIP), container security, mobile device security, moving target defense, network threat analysis (AI), sandbox, deception technology, cloud access security brokers (CASB), SASE, AI based SIEM, secure collaborative governance, and related technology sets to include data loss prevention (DLP), user and entity behavior analytics (UEBA), and encryption.","url":"https:\/\/www.infoblox.com\/blog\/author\/michael-zuckerman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/324"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=5778"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5778\/revisions"}],"predecessor-version":[{"id":8994,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/5778\/revisions\/8994"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/5779"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=5778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=5778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=5778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}