Skip to main content

If you have been following our weekly cybersecurity updates, you will know that sometimes we find interesting trends, and sometimes…not so much.

As we dive deeper into analyzing the data, what we discover is that sometimes nothing really changes week to week. Some trends become expected patterns over time, and while we love headline-grabbing news, we love being accurate and reassuring even more. 

Therefore, in the interest of ongoing self-improvement, we are going to start wrapping up our weekly look at the top D-Zone DNS Firewall blocks with the interesting trends and headlines around the world of cybersecurity—with a Canadian focus.

BIND Vulnerability – CIRA had your .CA covered

Last week saw an interesting security announcement regarding a BIND vulnerability. Given the patch timing (between two different patches called P1 and P2) and the potential severity of the issue, the Internet Systems Consortium (ISC) felt it necessary to give a public announcement on the issue faster than normal. This helps ensure that the latest releases were put in place and that there was no confusion between what the latest release was. It is worth noting that ISC does make all vulnerabilities public but that some organizations, like CIRA typically have advanced notice to update and patch critical infrastructure.

Since BIND is the DNS software used by the majority of the internet's domain name system, these vulnerabilities, if not repaired could have had global ramifications. It is a lesson on the importance of patching, but more importantly, it is a lesson in redundancy.

CIRA builds redundancy into everything we deploy, whether for .CA domains or our DNS security services. That includes transit, cloud, hardware, software and node redundancy. In the case of the BIND security patch we also have another DNS software deployed in our technology stack to ensure our services remain on if there was a failure, hack, or maintenance reason to have to take one of the two programs offline.

To get a little promotional, it is why we offer a DNS Anycast solution to Canadian (and global) organizations to help ensure they also have redundancy and why we offer a DNS Firewall with unique data science and threat detection to help Canadian organizations add an additional defensive layer at a low administrative and monetary cost. If my use of italics above didn't catch your eye, the point is that you can never have too many layers, too much overlap, or too much redundancy.

Ransomware goes hyper-local

Earlier this month, the Town of Wasaga Beach made the decision to pay the ransom demanded in a successful ransomware infiltration. Some of the interesting fallout was a letter to the editor in the Creemore Echo regarding the Township of Clearview that suggested the approach of backup versus prevention was not sufficient. Seeing this level of attention in a town with just over 14,000 citizens underscores the huge challenges that face rural Canadians as everything is going online. Municipalities whose biggest challenges used to involve roads and sewers are now faced with very public and very important cybersecurity issues.

Top DNS firewall blocks of the week

CIRA's D-Zone DNS Firewall is deployed extensively across Canada through school boards and municipalities. This gives us a unique perspective on what is going on in these sectors in addition to our enterprise customers. Last week, we saw several new domains enter the top ten list with the usual TLD suspects ranging from .ru to .xyz and even a randomized domain using .com. Remember, that this is only the top ten list. There were well over 10,000 unique domains blocked.

The major threat to individual and corporate systems continues to be Trojan downloaders that, once on a system, work in the background to install all manners of malware with the goal of stealing data, installing ransomware, or even mining bitcoin. The second category is malware already on networks that is attempting to call to a control server. The most significant advantage of a DNS firewall is its ability to not only block many of these domains automatically, but to prevent the malware that gets through from doing any damage when it tries to call home to mama.

Domain

Threat Type

76236osm1.ru

Trojan downloaders

superyou.zapto.org

Spybot

dj1.jfrmt.net

Morto

e51091eec8b619d50e44c8c29b7a0ee8.com

Malware Call Home

soplifan.ru

Trojan downloaders

buysellstops.com

Malware Call Home

mine.torrent.pw

Malware Call Home

mastopak.xyz

Malware Call Home

diplicano.ru

Trojan downloaders

p.mocean.cc

Suspected Malware