Infoblox Threat Intel Discovers Muddling Meerkat, a DNS Operation Controlling China's Great Firewall
07.08.2025 - 18:08:40 | prnewswire.co.uk

Throughout the past year, Infoblox Threat Intel was the first to report other DNS threat actors, all of which had gone undetected for over a year by the rest of the industry. These include DNS C2 malware toolkit Decoy Dog, malicious link shortening service provider Prolific Puma, the most extensive known cybercriminal traffic distribution system VexTrio Viper (aka VexTrio), and DNS CNAME redirection network provider Savvy Seahorse. These publications represent a small fraction of the number of DNS threat actors Infoblox Threat Intel has discovered and is tracking.
"The sheer mass of threat actors effectively hiding in the DNS should be a wakeup call for every defender to make DNS threat intelligence an essential part of their strategy," added Burton. "Why? Because more than 92%[2] of malware utilizes DNS."
The most effective way to protect against these sophisticated threats is with DNS Detection and Response systems like Infoblox's BloxOne® Threat Defense. Unlike other security solutions that are malware and post-event centric, Infoblox Threat Intel uses a multi-pronged approach to discover threats in DNS.
Introducing Zero Day DNS, the Newest Feature within BloxOne Threat Defense
Infoblox's new cloud-based Zero Day DNS™ augments the existing methods to detect and block possible threats from domains that are registered by threat actors just minutes to hours before being used in an attack. It is a zero trust model for DNS that leverages the extensive visibility Infoblox has to rapidly adjudicate hundreds of thousands of new domains in near real time every day.
While most domains are aged before they are used by attackers, Infoblox has discovered an alarming trend over the last 18 months, where threat actors register lookalike domains and immediately use them in targeted attacks. Zero Day DNS was designed specifically to address this risk.
Zero Day DNS is tailored to individual customer networks, providing a new form of custom threat intel for Infoblox BloxOne Threat Defense Advanced Cloud customers. This capability provides the earliest defense against spearphishing attacks, which were responsible for 66% of all data breaches in 2023 according to Barracuda Networks' annual report on phishing trends.[1] Initial results show that Zero Day DNS can detect novel threats without risk of blocking vital network access. Over 16% of the flagged domains were deemed malicious within 48 hours by other analytics.
"Zero Day DNS is not just a nice to have, but a strategic advantage in an environment where threat actors, particularly ransomware actors, are using a domain immediately after registration for spearphishing," added Burton.
Meet Infoblox Threat Intel
Dr. Burton will discuss Muddling Meerkat at the RSA Conference in San Francisco, May 6-9. Live sessions will be held at Booth S-726. Visit here to request a meeting with Infoblox at RSAC 2024.
Additionally, Dr. Burton is hosting a webinar titled: Infoblox Threat Intel – Disrupting Cybercrime Where it Begins – DNS, on May 8 at 10 am PDT. Register to attend here.
About Infoblox
Infoblox unites networking and security to deliver unmatched performance and protection. Trusted by Fortune 100 companies and emerging innovators, we provide real-time visibility and control over who and what connects to your network, so your organization runs faster and stops threats earlier. Visit Infoblox.com, or follow us on LinkedIn or Twitter.
Media Contacts:
pr@infoblox.com
infoblox@ruderfinn.com
[1] https://www.barracuda.com/reports/spear-phishing-trends-2023
[2] https://executivegov.com/2020/06/anne-neuberger-on-nsas-secure-dns-pilot-program/



View original content:https://www.prnewswire.co.uk/news-releases/infoblox-threat-intel-discovers-muddling-meerkat-a-dns-operation-controlling-chinas-great-firewall-302129799.html

