Active Cyber Defence – Case Studies for Defending Public Institutions

Acorn Newsbot

One of the most interesting elements of the Active Cyber Defence – The Second Year report, from a Nominet perspective, is the set of three case studies. Each example showcases real-life cyber defence, where a number of indicators set in motion a series of events to protect our public institutions – such as a school – from cyber attack.

Not only do the case studies show the very real threat facing public institutions but they also demonstrate the type of remedial action needed to counteract an attack.

Let’s take a closer look. Here are the scenarios:

  • Remediating a worm at a local authority
    When Ramnit – a worm affecting Windows systems – was suspected, an investigation showed that PDNS was blocking malicious domain name lookups from infected machines that were not protected by an endpoint security solution.
  • USB infection
    Malware originating from an infected USB stick was found through indicators from the PDNS service.
  • Multiple internet connections
    A constant desire to ‘always be connected’ means that security teams are constantly tackling new devices gaining access to the network. In some cases, these are connected specifically because employees want to bypass policy controls; e.g. they are prevented from downloading a specific piece of software. One of these connections was found to have been harnessed by an attacker who was detected by the PDNS service as they pivoted through the target network.

The full report explains exactly which tools and techniques were used to collaboratively counteract these and other threats but, from our perspective, let’s look at the role of DNS-based security.

The PDNS service is constantly monitoring traffic for requests to resolve malicious domains that are flagged from threat intelligence feeds. This raw data is analysed in real time by both the NCSC and our team at Nominet, drawing attention to any incidents and risk areas.

In the first two incidents the PDNS service recognised a threat that had penetrated beyond the existing security precautions, while in the third, the PDNS service recognised indicators of a threat on the network which was traced back to an unsanctioned connection to the internet.

It wasn’t just in these instances that PDNS played a role, either – PDNS is protecting an estimated 1.4 million employees in the public sector from visiting malicious sites. Check out my previous blog to see how many queries were handled and blocked, including WannaCry, BadRabbit and evidence of attempts to spread the Conficker worm.

The Domain Name System (DNS) provides invaluable insight into potential threats on the network. As proven here, the fact that DNS is ubiquitous gives it a unique perspective on network-connected devices. Even when other technologies fail, even when processes fall down and employees are – knowingly or unknowingly – putting the corporate network at risk, DNS-based security can save the day.

The post Active Cyber Defence – Case Studies for Defending Public Institutions appeared first on Nominet.
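
As an added illustration (not code from Nominet, the NCSC or the PDNS service), the sketch below shows the kind of triage the first case study implies: match resolver query logs against a threat-feed blocklist and rank the clients making blocked lookups, listing hosts without endpoint protection first. The log format, blocklist entries, addresses and inventory are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: feed entries, asset inventory and log lines are
# illustrative only. Assumed log format: "<timestamp> <client-ip> <qtype> <qname>".
BLOCKLIST = {"bad-c2.example", "dropper.example.net"}
ENDPOINT_PROTECTED = {"10.0.1.10", "10.0.1.11"}  # hosts known to run an endpoint agent
LOG_LINES = """\
2019-07-01T09:00:01Z 10.0.1.10 A intranet.example.org
2019-07-01T09:00:03Z 10.0.2.77 A x1.bad-c2.example.
2019-07-01T09:00:09Z 10.0.2.77 A X2.BAD-C2.EXAMPLE
2019-07-01T09:01:12Z 10.0.1.11 A notbad-c2.example
2019-07-01T09:02:40Z 10.0.1.11 A dropper.example.net
2019-07-01T09:02:41Z 10.0.2.77 AAAA dropper.example.net
truncated-line-without-fields
""".splitlines()


def blocked_suffix(qname, blocklist):
    """Return the feed entry that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels only, so "notbad-c2.example" never matches "bad-c2.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def triage(lines, blocklist, protected):
    """Rank clients by blocked lookups, unprotected hosts first."""
    hits = defaultdict(lambda: {"count": 0, "domains": set()})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records rather than guessing at fields
        _ts, client, _qtype, qname = parts
        match = blocked_suffix(qname, blocklist)
        if match:
            hits[client]["count"] += 1
            hits[client]["domains"].add(match)
    report = [{"client": c, "blocked_queries": h["count"],
               "domains": sorted(h["domains"]), "endpoint_protected": c in protected}
              for c, h in hits.items()]
    return sorted(report, key=lambda r: (r["endpoint_protected"], -r["blocked_queries"]))


if __name__ == "__main__":
    for row in triage(LOG_LINES, BLOCKLIST, ENDPOINT_PROTECTED):
        print(row)
```

A host that keeps triggering blocks while absent from the endpoint inventory is the pattern described in the local authority case: the resolver is the only control seeing it.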
