Infoblox, the company that delivers a simplified, cloud-enabled networking and security platform for improved performance and protection, has published a threat report blog on a remote access trojan (RAT) toolkit with DNS command and control (C2).
The toolkit created an anomalous DNS signature observed in enterprise networks in the US, Europe, South America and Asia across technology, healthcare, energy, financial and other sectors. Some of these communications go to a controller in Russia.
Infoblox’s Threat Intelligence Group, which coined the name ‘Decoy Dog’, was the first to discover this toolkit and is collaborating with other security vendors, as well as customers, to disrupt this activity, identify the attack vector and secure global networks.
The critical insight is that DNS anomalies measured over time not only surfaced the RAT, but ultimately tied together seemingly independent C2 communications.
“Decoy Dog is a stark reminder of the importance of having a strong, protective DNS strategy,” said Renée Burton, Senior Director of Threat Intelligence for Infoblox.
“Infoblox is focused on detecting threats in DNS, disrupting attacks before they start and allowing customers to focus on their own business.”
As a specialized DNS-based security vendor, Infoblox tracks adversary infrastructure and can see suspicious activity early in the threat lifecycle.