Infoblox building ANZ presence as “hardcore” DNS attacks surge

Growing concern about exposure to domain name system (DNS) exploitation is driving a big enough surge in demand that server-appliance and DNS security specialist Infoblox is ramping up its Australian team and will open a local office by next year, the company's CEO has shared.

With over 100 Australian customers – managed to date through partners such as Dimension Data – the company has already established itself in the region. But with the recent appointment of a new ANZ general manager, as well as teams of salespeople and sales engineers, Infoblox president and CEO Jesper Andersen told CSO Australia that the company is bolstering its Australian and APAC regional presence to help customers stay on top of new threats posed by cloud, BYOD and Internet of Things (IoT) implementations.

“What drives our business is general growth in IP addresses, and in network complexity,” Andersen explained. “With initiatives like BYOD and the general proliferation of IP addresses around every business, it's a big growth vector for our business. We've got big plans in general for APAC and Australia is a big part of that.”

Recent analysis from Akamai found that DNS attacks comprised 5.93 percent of all observed attacks, down from 8.95 percent in 2014. Taken on its own, however, the volume of DNS threats is increasing steadily: Infoblox's latest DNS Threat Index, for example, reached a record high of 133 in the second quarter of this year – up 58 percent from 84 during the same time last year.

Attacks on DNS infrastructure can directly impact the availability of any Web site, and Infoblox is seeing strong demand for tools to help manage the exposure of DNS servers – which have increasingly come under fire as malicious outsiders figure out new ways to interfere with their operation or exploit their architecture to obfuscate other types of attacks.

As well as interfering with DNS' normal operation, a growing proportion of malware attacks are exploiting DNS architectures for tasks such as adware injection, search result manipulation, and what Andersen calls “hardcore things like data exfiltration” – newly possible as malware-infected systems break down sensitive files of interest, then feed them to DNS servers in small chunks buried in the normal syntax of regular DNS calls.
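A defender can look for the pattern described above, many distinct, long, random-looking subdomains queried under one domain by one client, in resolver query logs. The sketch below is an added example, not code from the article or from Infoblox; the log format, thresholds, client addresses and domain names are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits of entropy per character of a non-empty string."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Return (subdomain, registered_domain).
    Assumption: the registered domain is the last two labels; production
    code would consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(log, min_unique=5, min_avg_len=30, min_entropy=3.0):
    """Flag (client, domain) pairs whose queries carry many distinct, long,
    high-entropy subdomains. All thresholds are illustrative assumptions."""
    seen = defaultdict(set)
    for client, qname in log:
        sub, domain = split_name(qname)
        if sub:
            seen[(client, domain)].add(sub)
    suspects = {}
    for key, subs in seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(shannon_entropy, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects[key] = {"unique": len(subs), "avg_len": avg_len,
                             "avg_entropy": round(avg_ent, 2)}
    return suspects

def sample_log():
    """Constructed (client, qname) records; not real traffic."""
    benign = [("10.0.0.5", n) for n in
              ("www.example.com", "mail.example.com", "api.example.com")] * 4
    # One long but stable label, repeated: typical of CDN-style names, not tunnelling.
    cdn = [("10.0.0.5", "d3f9a1c07b2e4f5a6b7c8d9e0f1a2b3c.cdn-assets.example")] * 6
    # Hash digests stand in for encoded data chunks hidden in query names.
    chunks = [("10.0.0.23", hashlib.sha256(str(i).encode()).hexdigest()[:40]
               + ".updates-sync.test") for i in range(8)]
    return benign + cdn + chunks

if __name__ == "__main__":
    for key, stats in find_tunnel_suspects(sample_log()).items():
        print(key, stats)
```

Only the client sending eight distinct 40-character labels under one domain is flagged; the repeated single long label and the ordinary short hostnames are not.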

“Just in the last year there has been a lot of visibility around the threat vector of DNS,” he explained, noting that DNS security-related business had increased from 2 percent of revenues in fiscal 2014 to 9 percent in its most recent fiscal year.

“Almost all malware contacts a command-and-control centre at some point in time, and that's always including a DNS query to go to some kind of bad domain name or address.”

Blacklisting had been widely used to block questionable domains, but savvy attackers were rapidly registering and deregistering new domains to keep DNS servers busy and to frustrate efforts by filtering providers to keep up.

To match this threat, Infoblox had strengthened its focus on machine-learning analytical capabilities, which continuously scour DNS records to spot likely malware-related domains as they are registered and utilised.

“The bad guys are very smart and do this in a non-recognisable pattern,” Andersen said. “They know they can't just leave a hacker domain forever, because these kinds of lists exist and they're easy to block. But they're getting sophisticated in avoiding detection, and we have to resort to things like machine learning to discover these kinds of things.”
