Laugh (sufficiently), learn (efficiently), and then let us know what you think in our comments (anonymously, if you wish)…
Related Posts
Upcoming webinar: How a leading architecture firm approaches cybersecurity
How does a company navigate over 80 years of technical debt? Which tools does a security team of 5 rely on every day? What threats are considered most dangerous?
On March 28, 2024, Malwarebytes CEO, Marcin Kleczynski, and Payette Associates Director of Information Technology, Dan Gallivan, will answer these questions and more in our live Byte into Security webinar.
Event details
Date: March 28, 2024
Time: 10 AM PST / 1 PM EST
Registration: Open Now
In this webinar, you’ll discover…
How Payette Industries ensures the security of remote teams while handling extensive data repositories.
The impact of moving workloads to the cloud and simplifying systems on enhancing security measures.
Why adopting Managed Detection and Response (MDR) services is crucial for providing round-the-clock monitoring and augmenting the capabilities of internal teams.
Why attend?
This Byte into Security webinar is a must for anyone eager to see how top-tier cybersecurity tactics are applied in real-world scenarios. Whether you’re involved in IT or simply keen on learning about state-of-the-art security practices, Marcin and Dan’s discussion will equip you with valuable insights.
Register now to secure your spot!
Malwarebytes
![Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRACzdnGOMNuVJwpfuxCjNr8rNNytSFTGmmfYmBqEGDef0r-WfmEWMAe1orlZsxcdwLRVW1daSAdaUliguV6ojuQhXWVl5QSlmqy-KueYYSEL8W5xkwFlV8Z2vijXoY5yVI1LylFDmw9jyA6Yop3VG8NHWWWiKonwk33j9DKM0hdMk2S_NkDadVoRF2aTR/s16000/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall-figure-2.jpg)
Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication
Hackers exploit DNS vulnerabilities to redirect users to malicious websites, launch distributed denial-of-service (DDoS) attacks by overwhelming DNS servers, and manipulate domain resolutions to intercept traffic for surveillance or data theft purposes.
Infoblox researchers recently revealed “Muddling Meerkat,” a highly sophisticated, likely Chinese state actor that is able to manipulate China’s Great Firewall internet censorship system.
This DNS-based threat bypasses security by generating massive distributed DNS query volumes propagated through open resolvers worldwide.
Muddling Meerkat & Chinese Firewall
Leveraging its DNS expertise, Infoblox proactively discovered and blocked the actor’s domains to protect customers from this emerging cyber threat operating under China’s control of its national internet infrastructure.
Infoblox Threat Intel’s Dr. Renee Burton explained, “It was our unwavering focus on DNS data coupled with advanced data science and AI that enabled us to track down a Chinese-controlled DNS operator which we believe is behind the so-called ‘Muddling Meerkat’ campaign.”
The nickname denotes the campaign’s mysterious nature and its elaborate use of open resolvers and MX records to hide its tactics.
This discovery underscores for Infoblox customers the need for strong detection and response capabilities against such advanced threats based on DNS.
Not only that, but this actor’s activity also shows a deep understanding of domain name system (DNS) operations, which illustrates the importance of securing them.
Muddling Meerkat has been active since 2019, and its activity amounts to a very high-level attack on the DNS system.
The Meerkat’s true intentions are currently unknown, but they seem to be related to reconnaissance. Initially, it was believed to be another type of slow-drip DDoS attack.
82% of this year’s threats were stopped by patented technology and Zero Day DNS capabilities before they could even make their first query, which amounts to a total of 46 million indicators identified in 2023 at a rate equal to .0002 percent false positives per one million queries.
Below are the sophisticated things the threat actors do in their operations:
To provoke reactions from the Great Firewall, they can use false non-MX records within Chinese IP ranges, which shows how their strategy involves using national infrastructure in new ways.
They also send DNS queries for MX records and other types of DNS resource record sets for domains under common top-level domains such as “.com” and “.org” that the threat actors do not own or control. This helps hide their true intentions.
Another method is employing old domains created before 2000, which pass as regular DNS traffic and bypass detection mechanisms that only look at recently registered domains, indicating a deeper understanding of how DNS works.
Muddling Meerkat appears to be a Chinese state actor. “Because we can observe MX record responses from Chinese IP addresses that are not open on port 53 of Muddling Meerkat target domains over multiple years, I am confident those responses are results of the GFW,” researchers said.
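The signal the researchers cite (MX answers from addresses that do not serve DNS on port 53, seen over multiple years, for old domains) can be turned into a log check. The following is an added example, not code from Infoblox or the original post; the log schema, the server inventory and all sample values are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample log (not real telemetry); addresses are documentation ranges.
# Assumed schema: (year, qname, qtype, responder_ip, domain_registered_year)
SAMPLE_LOG = [
    (2021, "ab1.old-example.com", "MX", "203.0.113.10", 1998),
    (2022, "zq7.old-example.com", "MX", "203.0.113.77", 1998),
    (2023, "k2.old-example.com", "MX", "203.0.113.10", 1998),
    (2023, "mail.partner-example.org", "MX", "198.51.100.53", 2015),
    (2023, "www.old-example.com", "A", "203.0.113.10", 1998),
    (2023, "x9.new-example.com", "MX", "203.0.113.200", 2023),
]

# Assumption: an inventory of addresses verified to answer on port 53.
KNOWN_DNS_SERVERS = {ipaddress.ip_address("198.51.100.53")}


def mx_from_non_dns_hosts(log, dns_servers):
    """Group MX answers whose responder is not a known port-53 server, by domain."""
    hits = defaultdict(lambda: {"years": set(), "responders": set(), "registered": None})
    for year, qname, qtype, responder, registered in log:
        if qtype != "MX" or ipaddress.ip_address(responder) in dns_servers:
            continue
        domain = ".".join(qname.split(".")[-2:])  # naive registrable-domain split
        hits[domain]["years"].add(year)
        hits[domain]["responders"].add(responder)
        hits[domain]["registered"] = registered
    return hits


def findings(log, dns_servers, min_years=2, recent_cutoff=2022):
    """Report domains showing the anomaly in several distinct years."""
    out = []
    for domain, h in sorted(mx_from_non_dns_hosts(log, dns_servers).items()):
        if len(h["years"]) < min_years:
            continue
        out.append({
            "domain": domain,
            "years": sorted(h["years"]),
            "responders": sorted(h["responders"]),
            # True when a filter that only inspects recent registrations skips it.
            "missed_by_age_filter": h["registered"] < recent_cutoff,
        })
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG, KNOWN_DNS_SERVERS):
        print(f)
```

The `missed_by_age_filter` field marks findings that a recency-only domain filter would never have examined, which is the gap the pre-2000 domains exploit.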
The post Muddling Meerkat Using DNS As A Powerful Weapon For Sophistication appeared first on Cyber Security News.
Cyber Security News
![Deep dive into the 2024 Incident Response Report with Unit 42’s Michael “Siko” Sikorski](https://thecyberwire.com/images/pages/Palo-Alto-Threat-Vector.jpg?#)
Deep dive into the 2024 Incident Response Report with Unit 42’s Michael “Siko” Sikorski
This episode of Threat Vector outlines a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Michael “Siko” Sikorski, Unit 42’s CTO and VP of Engineering, discussing Unit 42’s 2024 Incident Response Report. They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of ‘living off the land’ attacks, and the importance of robust incident response strategies. They also address the rising trend of business disruption and supply chain attacks, and share recommendations for mitigating these cyber threats.
The CyberWire