Infoblox building ANZ presence as “hardcore” DNS attacks surge

Growing concern about exposure to domain name system (DNS) exploitation is driving a big enough surge in demand that server-appliance and DNS security specialist Infoblox is ramping up its Australian team and will open a local office by next year, the company's CEO has shared.

With over 100 Australian customers – managed to date through partners such as Dimension Data – the company has already established itself in the region. But with the recent appointment of a new ANZ general manager, as well as teams of salespeople and sales engineers, Infoblox president and CEO Jesper Andersen told CSO Australia that the company is bolstering its Australian and APAC regional presence to help customers stay on top of new threats posed by cloud, BYOD and Internet of Things (IoT) implementations.

“What drives our business is general growth in IP addresses, and in network complexity,” Andersen explained. “With initiatives like BYOD and the general proliferation of IP addresses around every business, it's a big growth vector for our business. We've got big plans in general for APAC and Australia is a big part of that.”

Recent analysis from Akamai found that DNS attacks comprised 5.93 percent of all observed attacks, down from 8.95 percent in 2014. Taken on its own, however, the volume of DNS threats is increasing steadily: Infoblox's latest DNS Threat Index, for example, reached a record high of 133 in the second quarter of this year – up 58 percent from 84 during the same time last year.

Attacks on DNS infrastructure can directly impact the availability of any Web site, and Infoblox is seeing strong demand for tools to help manage the exposure of DNS servers – which have increasingly come under fire as malicious outsiders figure out new ways to interfere with their operation or exploit their architecture to obfuscate other types of attacks.

As well as interfering with DNS' normal operation, a growing proportion of malware attacks are exploiting DNS architectures for tasks such as adware injection, search result manipulation, and what Andersen calls “hardcore things like data exfiltration” – newly possible as malware-infected systems break down sensitive files of interest, then feed them to DNS servers in small chunks buried in the normal syntax of regular DNS calls.
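The exfiltration pattern described above leaves a trace in resolver logs: one host querying many unique, long, random-looking subdomains under a single domain. The Python below is an added example of a heuristic that looks for that trace, not code from Infoblox or from this article; the thresholds, the two-label base-domain split and the sample log are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def split_name(qname):
    """Naive split into (subdomain, base domain); assumes a two-label base."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def flag_exfil_candidates(queries, min_unique=10, min_avg_len=30, min_entropy=3.5):
    """Return sorted (client, base_domain) pairs whose queries look like chunked data."""
    groups = defaultdict(set)
    for client, qname in queries:
        sub, base = split_name(qname)
        if sub:
            groups[(client, base)].add(sub)
    flagged = []
    for key, subs in groups.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(s.replace(".", "") for s in subs))
        # All three signals must agree: volume, label length, randomness.
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            flagged.append(key)
    return sorted(flagged)

def sample_queries():
    """Constructed log: ordinary lookups plus one host sending long random-looking labels."""
    normal = [("10.0.0.5", n) for n in
              ("www.example.com", "mail.example.com", "api.example.com",
               "www.example.org", "static.example.org")]
    # Hex digests stand in for encoded file chunks; no real data is encoded.
    chunky = [("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".example.net")
              for i in range(25)]
    return normal + chunky

if __name__ == "__main__":
    for client, base in flag_exfil_candidates(sample_queries()):
        print(f"review: {client} -> *.{base}")
```

In production the base domain would come from a public-suffix lookup, and thresholds would be tuned against the site's own traffic, since CDNs and telemetry services also generate long machine-made labels.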

“Just in the last year there has been a lot of visibility around the threat vector of DNS,” he explained, noting that DNS security-related business had increased from 2 percent of revenues in fiscal 2014 to 9 percent in its most recent fiscal year.

“Almost all malware contacts a command-and-control centre at some point in time, and that's always including a DNS query to go to some kind of bad domain name or address.”

Blacklisting had been widely used in blocking questionable domains, but savvy attackers were rapidly registering and deregistering new domains to keep DNS servers busy and obfuscate efforts by filtering providers to keep up.

To match this threat, Infoblox had strengthened its focus on machine-learning analytical capabilities, which continuously scour DNS records to spot likely malware-related domains as they are registered and utilised.

“The bad guys are very smart and do this in a non-recognisable pattern,” Andersen said. “They know they can't just leave a hacker domain forever, because these kinds of lists exist and they're easy to block. But they're getting sophisticated in avoiding detection, and we have to resort to things like machine learning to discover these kinds of things.”

