SOURCE: Nominum

Nominum

May 02, 2017 08:00 ET

Nominum Offers Analysis of 15.3 Trillion DNS Records to Explain Rapid Growth and Evolution of Cybercrime in New Spring 2017 Security Report

DNS Security Pioneer's Unique Position in Service Provider Networks Combined with Cybersecurity Expertise and Proprietary Data Science Methods Bring Deep Understanding of Cyberthreat Landscape

REDWOOD CITY, CA--(Marketwired - May 02, 2017) - Nominum®, the DNS security and services innovation leader, announced today the availability of its Spring 2017 Security Report published by Nominum Data Science, which details the accelerated growth in cybercrime and the continual evolution of internet threats and attacks based on analysis of 15.3 trillion DNS and HTTP records from communications service provider (CSP) networks around the world.

The new report highlights the company's unique vantage point given its position in CSP networks. With more than 130 service providers in over 40 countries relying on Nominum's DNS software, the company's data science and security experts see massive volumes of DNS queries, which, when combined with big data and machine learning technologies, enables them to identify, de-mystify and protect against new and evolving trends in cybersecurity. In this way, Nominum has a uniquely in-depth comprehension of cybersecurity and the threat landscape that many security professionals struggle to understand because they lack access to the requisite data.

"Our latest security report discusses some of the new techniques applied by Nominum Data Science to uncover 'unknown unknowns' -- the aspects of cyberattacks that are extremely hard to pinpoint and understand when the details are so obscure," said Yuriy Yuzifovich, head of security research and data science at Nominum. "There is remarkable value to any security operation in the ability to analyze and categorize millions of DNS queries per second to discover causes of attacks, learn how they continuously take new forms and determine the best approaches for mitigation. We are releasing this report so that security professionals can arm themselves with the critical data they need to fight cybercrime more effectively."

The Cyberattack Ladder Revealed, 100 Billion Queries at a Time

In addition to using customer, commercial and public data sources, the Nominum data science team uses advanced predictive intelligence techniques to analyze over 100 billion queries daily. In its Spring 2017 report, Nominum Data Science reveals significant developments in cybercrime, such as:

  • For the six-month period October 2016 through March 2017, Nominum Data Science saw over 200% more ransomware Command and Control (C&C) domains compared to the previous six-month period.
  • Nominum Data Science saw a large number of proxy server requests to the Dark Web, including ransomware payment sites, many which were not previously detected by the security community at large.
  • DNS-based DDoS attacks have steadily grown in size while diversifying their methods and targets, making them harder to detect.
  • When it comes to phishing attacks, the greatest impact occurs within the first five to 10 hours after launch; additionally, the average phishing attack lasts 1.5 days.

The report also introduces The Cyberattack Ladder, a framework used to examine cybercrime from an attacker's perspective and help organizations make better security decisions. Each "rung" in the Cyberattack Ladder represents a cybercriminal's step towards fulfilling a cyberattack. At each step along the way, Nominum Data Science explains how to mitigate the risk by using DNS security technologies and techniques and network traffic analysis.

IoT: New Vulnerabilities Affect Households and Businesses Everywhere

The wide range of internet-connected (also called IoT, or Internet of Things) devices such as kitchen appliances, entertainment systems, and home security systems in the "smart home," to heating, electrical, and industrial control systems in large enterprise networks, is rich with vulnerabilities resulting from insecure software that oftentimes may be difficult or impossible to patch. According to research conducted at Princeton University, DNS can be a useful early indicator for these IoT-based attacks, particularly because newly registered domains used for attacks typically receive large volumes of DNS lookups earlier in their lifecycle than legitimate domain names1.

1 Nominum Spring 2017 Data Science Report, pgs. 34-35

Machine Learning Algorithms Applied to DNS Data Brings Unique Security Insights

Nominum Data Science combines its unique visibility into worldwide real-time DNS data and a patent-pending, unsupervised machine learning algorithm based on a neural network, to pick up correlation signals between domain names. This technology helps discover obscure domains that cybercriminals use to hide behind multiple machine-generated domains, while producing little, if any, false-positives.

"The ability to conduct original research and apply it at scale significantly extends our security knowledge, resulting in automated detection of clusters of malicious domains used for command and control, phishing and 'malvertizing,' and has enabled Nominum to become the leader in DNS-based detection and mitigation of cybersecurity threats," said Yuzifovich.

Nominum Data Science is hosting a live webinar that will discuss the findings and recommendations in the report, featuring Princeton Professor Nick Feamster, today, May 2, 2017 at 11:00 a.m. EDT and 9:00 p.m. EDT. For more information and to register to attend, please visit http://nominum.com/resource/security-report-pre-reg-new/.

About Nominum

Nominum™ is a pioneer and global leader in DNS security innovation. The Silicon Valley company provides an integrated suite of DNS-based applications that enable fixed and mobile operators to enhance, secure and personalize the online subscriber experience. Nominum N2™ solutions leverage the company's market-leading Vantio™ unified DNS platform and an expert team of data scientists to provide closed loop security solutions, which include: protection of fixed, mobile and converged networks from malicious attacks; security for online and mobile users from threats like phishing, ransomware and other malware; personalized customer alerts and remediation of infected devices. The result for operators is improved service agility, increased brand loyalty and a stronger competitive advantage.

More than 130 service providers in over 40 countries trust Nominum to deliver a safe, customizable internet and promote greater value to over half a billion subscribers. Nominum DNS software resolves 1.7 trillion queries around the globe every day -- roughly 100 times more transactions than the combined daily volume of tweets, likes, and searches taking place on major web properties. For more information, please visit nominum.com.

Follow us on Twitter: @nominum https://twitter.com/nominum
Follow us on LinkedIn: https://www.linkedin.com/company/nominum
See us on YouTube: https://www.youtube.com/nominum
Read our latest Nominum blog: http://nominum.com/blog/

Contact Information

  • Media Contact
    Nancy MacGregor
    PR Director
    Email contact
    +1.415.309.5185