Detect DNS Tunnelling Attacks
Theft or unauthorised movement of any data from a company, formally known as data exfiltration, is one of the biggest cybercrimes in today's world. It typically involves a cybercriminal stealing data from personal or corporate devices, such as computers and mobile phones, through various cyberattack methods. In the last two years, the average annual cost of insider threats has skyrocketed, rising 31% to $11.45 million (ObserveIT, 2020). Moreover, 62% of companies in the Americas experienced a data breach or cyber incident in 2021 (KPMG, 2022), suffering financial losses as a result.

Cybercriminals know that DNS is a well-established and trusted protocol, and they have figured out that many organisations do not examine their DNS traffic for malicious activity. DNS tunnelling enables these cybercriminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls. That is why DNS tunnelling is one of the most common attacks involved in data theft.

DNS tunnelling is not always detectable with a firewall or proxy, as they are designed to work at the application layer (Layer 7). Data Loss Prevention (DLP) technologies are designed to monitor protocols to which files can be attached, such as HTTP, FTP, IM, Telnet, TCP/IP, SMTP, POP3 and IMAP. However, they do not analyse DNS logs.

Blocking DNS-based threats is a major challenge, and cybercriminals use this pervasive but easily overlooked attack surface to their advantage. Targeted data, for example, can be encoded as Base64 and then exported over the DNS protocol, where it is easily disregarded. As a result, companies lose money and reputation.

DNSSense's Solution

One of the many features of our DNSDome cloud-based product is its ability to detect and prevent DNS tunnelling. With DNSSense's Secure DNS cloud solution, DNS tunnelling attacks can be detected, blocked and reported to a SIEM solution instantly, before any malicious activity is completed.

DNSSense uses heuristics and behavioural methods, such as monitoring sudden spikes in the volume and number of DNS queries from individual source IPs, to detect DNS tunnelling.
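The following is an added illustration of the two signals this page mentions, a per-source-IP volume check and the Base64-style labels described earlier, run over a handful of query log lines. It is example code written for this page, not DNSSense's implementation, and every address, domain name and threshold in it is a constructed placeholder.

```python
import math
import re
from collections import defaultdict

# Constructed sample query log ("time source_ip qname"); all values are placeholders.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com
10:00:03 10.0.0.5 cdn.example.net
10:00:01 10.0.0.9 aGVsbG8gd29ybGQuIGhpIHRoZXJl.t.tunnel-example.test
10:00:01 10.0.0.9 c2VjcmV0IGZpbGUgY29udGVudCBoZXJl.t.tunnel-example.test
10:00:02 10.0.0.9 dGhpcyBpcyBzb21lIG1vcmUgZGF0YQ.t.tunnel-example.test
10:00:02 10.0.0.9 bW9yZSBzdG9sZW4gYnl0ZXMgZm9sbG93.t.tunnel-example.test
10:00:03 10.0.0.9 ZXZlbiBtb3JlIGRhdGEgb24gdGhlIHdheQ.t.tunnel-example.test
"""

# Long, high-entropy labels from the Base64 (or URL-safe Base64) alphabet look like payload.
ENCODED_LABEL = re.compile(r"^[A-Za-z0-9+/=_-]{20,}$")

def shannon_entropy(text):
    counts = {ch: text.count(ch) for ch in set(text)}
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def is_encoded_label(label):
    return bool(ENCODED_LABEL.match(label)) and shannon_entropy(label) > 3.5

def profile_sources(log_text):
    # Per source IP: total queries, distinct names per zone, encoded-label count.
    stats = defaultdict(lambda: {"queries": 0, "encoded": 0, "names_per_zone": defaultdict(set)})
    for line in log_text.strip().splitlines():
        _time, src, qname = line.split()
        labels = qname.lower().rstrip(".").split(".")
        zone = ".".join(labels[-2:])  # crude registrable-domain guess (no public suffix list)
        entry = stats[src]
        entry["queries"] += 1
        entry["names_per_zone"][zone].add(qname)
        if is_encoded_label(labels[0]):
            entry["encoded"] += 1
    return stats

def flag_tunnelling(log_text, max_names_per_zone=4, encoded_ratio=0.5):
    """Return {source_ip: reason} for sources that trip either heuristic."""
    flagged = {}
    for src, entry in profile_sources(log_text).items():
        busiest = max(len(names) for names in entry["names_per_zone"].values())
        if busiest > max_names_per_zone:
            flagged[src] = f"{busiest} distinct names under one zone"
        elif entry["encoded"] / entry["queries"] >= encoded_ratio:
            flagged[src] = f"{entry['encoded']}/{entry['queries']} queries carry encoded labels"
    return flagged
```

Calling `flag_tunnelling(SAMPLE_LOG)` reports only the constructed 10.0.0.9 source; the thresholds are deliberately low for the sample and would be tuned per environment in practice.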

More importantly, it boasts the most advanced AI-based dynamic threat intelligence database, Cyber X-Ray, which stores the entire domain data on the Internet chronologically; this is where the magic happens in detecting the most advanced DNS tunnelling attacks with NEARLY ZERO FALSE POSITIVES. It is the most effective solution to save your data, money and reputation from DNS tunnelling attacks.