Dr Burton: Their expertise and understanding of DNS make their activities hard to track and counter. These actors use advanced techniques such as DNS manipulation, traffic distribution systems, lookalike domains, registered domain generation algorithms, and more to evade detection. These techniques demonstrate their sophistication and the challenges faced by security professionals in detecting and countering their activities. Their operations are also complex and require a deep understanding of the DNS to detect and mitigate.
Who is responsible for ensuring that these threats are promptly mitigated, and what are some immediate steps organizations can take to secure their networks against these actors?
Dr Burton: The responsibility of mitigating threats falls primarily on the security teams. They are the backbone of any organization’s defense. However, everyone within an organization can contribute to this effort. From the individual employee refraining from clicking on suspicious links, to the networking teams ensuring they have all the necessary information the SecOps team needs, each action plays a part in the larger security framework.
One of the key challenges that organizations face here is the lack of communication between networking and security professionals. Breaking down those silos and supporting collaboration and information sharing is essential for better security.
It is important to raise awareness about the central role of DNS in both the success of a threat actor and their defeat. By understanding this part of our digital world better, organizations can turn a potential attack vector into a powerful weapon against cyber threats. In terms of actions to take, this means understanding DNS Detection and Response (DNSDR) as an integral part of the security stack, and implementing it is a crucial step. This is because DNSDR monitors DNS traffic for threats that often remain hidden from traditional detection and response systems. This allows for a more comprehensive view of the threat landscape and enables timely and effective responses to potential attacks.
Given the current trends in DNS attacks and cybercrime, what do you foresee in the evolution of cyberthreats, and how might these impact global internet security in the future?
Dr Burton: It is clear that the evolution of cyberthreats is dynamic. Threat actors are smart and highly motivated to succeed. As technology advances, so do they. This includes technology like AI, but it also means that as more assets move into the virtual world, these assets become potential targets for attacks.
Regardless of how sophisticated actors become – regardless of the use of fake pictures and AI-supported content – they still need to use DNS to communicate and deliver their attacks.
One of the key reasons why bad actors thrive is the lack of communication between networking and security professionals and the lack of knowledge about DNS. Therefore, education and breaking down silos are key to improving our defenses.
What are the future plans for the threat detection operations at Infoblox Threat Intel?
Dr Burton: DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access give us a high-powered scope to zero in on cyberthreats. By analyzing over 70 billion DNS events daily, we can detect 60% of threats before a DNS query and enrich our threat intelligence database with approximately 4 million new indicators each month.
Our future plans are rooted in our core strengths and commitments. We will continue to harness our specialized DNS expertise to stay ahead of threat actors, identifying threats that others might miss. We are dedicated to sharing our research findings with the broader cybersecurity community, contributing valuable insights to collective defense efforts.
As we navigate the evolving cybersecurity landscape, we strive to maintain our leadership position by staying at the forefront of trends and developments, ensuring our threat detection operations remain cutting-edge and effective.