Following the news that fake Meltdown and Spectre patches have been discovered, Gary Cox, Technology Director for Western Europe at Infoblox, commented below.
Gary Cox, Technology Director for Western Europe at Infoblox:
“This is an illustration of a particularly alarming form of malware, used to deliver payloads behind the firewalls of the victim’s company or service provider. From here, the malware can spread to other devices, and can use the internet to communicate with its command and control (C&C) server from which it is able to download further malicious software or exfiltrate data.
In most cases, the communication between device and C&C requires the use of the domain name system, or DNS.
The deployment of effective internal DNS security solutions can help detect and protect against malware exploiting an organisation’s DNS to further infect its network. Intercepting DNS queries associated with known malware, for example, will effectively block the threat by interrupting its communication with external C&C servers. Cutting connection with a C&C server then reduces the risk of infection and prevents malware from spreading within the network.
DNS is a vital component of network architecture, so it’s crucial that it isn’t overlooked and left unprotected, particularly with attack vectors of this type taking advantage of its vulnerabilities for criminal gain.
Criminals will always try to trick us. Deploying a broad set of risk-reducing controls is vital, but equally so is vigilance and validation: only install patches or software when you are fully confident that you trust its origin, and in most cases that means it should be the manufacturer or vendor.”
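As an added illustration of the DNS-layer control described in the quote (this is example code written for this page, not Infoblox's product or anything from the article), the following resolver-side policy check matches each query against a blocklist of known C&C domains, covering subdomains and case/trailing-dot variants, and returns a sinkhole verdict instead of resolving. The blocklist entries, log format and sinkhole address are constructed assumptions; real deployments would take the list from a threat-intelligence or RPZ feed.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Constructed sample blocklist: hypothetical C&C domains, not real indicators.
CC_BLOCKLIST: Set[str] = {"c2-example.test", "update-patches.invalid"}
SINKHOLE_IP = "10.255.255.1"  # assumption: address of an internal sinkhole host


@dataclass
class Verdict:
    client: str
    qname: str
    action: str            # "resolve" or "sinkhole"
    matched: Optional[str] # blocklist entry that triggered the sinkhole, if any


def normalise(qname: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot.
    return qname.rstrip(".").lower()


def blocked_parent(qname: str, blocklist: Set[str]) -> Optional[str]:
    # Match the name itself or any parent domain, so beacon.c2-example.test
    # is caught by the entry c2-example.test. Label-wise matching avoids
    # false hits on look-alikes such as notc2-example.test.
    labels = normalise(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def check_query(client: str, qname: str, blocklist: Set[str] = CC_BLOCKLIST) -> Verdict:
    hit = blocked_parent(qname, blocklist)
    return Verdict(client, normalise(qname), "sinkhole" if hit else "resolve", hit)


def process_log(lines: Iterable[str], blocklist: Set[str] = CC_BLOCKLIST) -> List[Verdict]:
    # Constructed log format: "<client_ip> <qname> <qtype>" per line.
    verdicts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # skip malformed lines rather than crash the resolver
        verdicts.append(check_query(parts[0], parts[1], blocklist))
    return verdicts


def sinkholed(verdicts: List[Verdict]) -> List[Verdict]:
    # Queries that would be answered with SINKHOLE_IP and raised as alerts.
    return [v for v in verdicts if v.action == "sinkhole"]
```

Each sinkholed verdict carries the client address, so the alert identifies which internal host attempted the C&C lookup and should be triaged.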