Spam Spikes and Java Exploits Continue to Grow
Cisco's Midyear Security Report shows not only familiar trends, but also new trends in security.Cisco released today its 2014 Midyear Security Report, and it contains some trends that are the same as those the company detailed in its 2014 Annual Security report at the beginning of the year. The state of security is dynamic, however, and, as such, there are also new trends debuting in the midyear report, which is based on an analysis of 16 large multinational organizations. One of the trends highlighted in the report is the increasing malevolence of dynamic DNS. With a dynamic DNS service, users are able to redirect a hostname to an IP address of their choosing. Dynamic DNS is useful for virtual private network (VPN) applications where a home user might not have a static IP address. According to Levi Gundert, technical lead for Cisco Threat Research, Analysis, and Communications (TRAC), dynamic DNS also poses a potential risk to enterprises. Seventy percent of DNS queries were being made to dynamic DNS services across the 16 companies, the midyear report found, according to Gundert. While dynamic DNS queries can be legitimate, Cisco found that there is a correlation between the use of dynamic DNS services and attack traffic. Attackers tend to prefer certain dynamic DNS services over others, which can be a potential indicator of compromise for an enterprise, he said. Specifically, more than 99 percent of queries made to the 3322.org dynamic DNS service are malicious in nature, Gundert added. Cisco isn't the only vendor that has seen malicious traffic coming in via dynamic DNS services. On June 30, Microsoft along with law enforcement took down the Bladabindi and Jenxcus botnets, which were leveraging the No-IP dynamic DNS service.