Ignite 2017 Open Seats: Deconstructing DNS: How Bad Guys Abuse DNS To Avoid Detection

Anna Lough


Category: Ignite

Ignite ’17 Security Conference is right around the corner. To get you ready for the premier security conference of the year, we’ll be spotlighting our top session each day on the blog. Register now, seats fill up quickly!

To hide or reduce their digital trail, cybercriminals constantly buy and discard cheap domain names to use as part of their attack infrastructure. To stay ahead, brand management companies monitor daily zone files for potentially infringing base domain names. Yet the bad guys adapt and have learned to abuse DNS in new ways to avoid detection.

In this session, Internet pioneer and Farsight Security CEO and Cofounder Dr. Paul Vixie will examine the less well-monitored “dark corner” of the Internet, where infringing names are created at the hostname (or “fully qualified domain name”) level. By shifting the infringing mark from the base domain to the hostname, the bad guys can still efficiently attract potential visitors via search engines, but they avoid getting flagged during daily zone file scans. From there, bad actors can use these infringing domains to lure unsuspecting users to fake websites in order to sell counterfeit goods, commit phishing attacks to secure entry into networks, and more.

Dr. Vixie will discuss how passive DNS sheds light on these shady DNS cyberattack techniques. He will also discuss the challenges of monitoring the Internet’s domain names on a per-host level, and illustrate solutions that are relevant to any brand owner or brand management consultancy.
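As an added illustration (not material from the session or from Farsight Security), the sketch below shows per-host monitoring: it takes names observed in passive DNS and separates marks that sit in the base domain, which a zone file scan would see, from marks that appear only in hostname labels. The brand, domains, observations and the small suffix set standing in for the Public Suffix List are all constructed assumptions.

```python
# Added example: all brands, domains and observations below are constructed.
BRANDS = {"examplebank"}            # marks being protected
OWNED_BASES = {"examplebank.com"}   # base domains the brand owner controls
# Small stand-in for the Public Suffix List (assumption; load the full list in practice).
SUFFIXES = {"com", "net", "org", "co.uk", "test"}


def split_fqdn(fqdn):
    """Split an FQDN into (hostname labels, base domain) by longest known suffix."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return labels[:i - 1], ".".join(labels[i - 1:])
    return [], None  # bare suffix or unknown suffix: nothing to classify


def has_mark(label):
    """True if a label contains a watched mark, ignoring hyphens used as padding."""
    squeezed = label.replace("-", "")
    return any(brand in squeezed for brand in BRANDS)


def classify(fqdn):
    """Return 'zone-visible', 'hostname-only', or None for one observed name."""
    host_labels, base = split_fqdn(fqdn)
    if base is None or base in OWNED_BASES:
        return None
    if has_mark(base.split(".")[0]):
        return "zone-visible"    # mark is in the registered name; zone file scans see it
    if any(has_mark(label) for label in host_labels):
        return "hostname-only"   # mark is left of the base domain; absent from zone files
    return None


def hostname_only_hits(observed_names):
    """Names from passive DNS that a base-domain zone file scan would miss."""
    return sorted(n for n in observed_names if classify(n) == "hostname-only")


PASSIVE_DNS_NAMES = [  # constructed observations
    "www.examplebank.com",
    "examplebank-login.test",
    "examplebank.com.secure-login.cheapdomain.test",
    "example-bank.shop.cheapdomain.co.uk",
    "mail.unrelated.org",
]

if __name__ == "__main__":
    for name in hostname_only_hits(PASSIVE_DNS_NAMES):
        print(name)
```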


Register for Ignite ’17 Security Conference
Vancouver, BC June 12–15, 2017

Ignite ’17 Security Conference is a live, four-day conference designed for today’s security professionals. Hear from innovators and experts, gain real-world skills through hands-on sessions and interactive workshops, and find out how breach prevention is changing the security industry. Visit the Ignite website for more information on tracks, workshops and marquee sessions.
