Cybersecurity firm finds '90% crud' rule rings true among 100 billion DNS records

With more attacks coming, and the domain name system at the center of nearly all of them, hospitals should be wary of trusting a web or email domain name based only on what it claims to represent, Farsight Security says.
By Bill Siwicki
02:44 PM

Whatever the attack type, the domain name system sits at the heart of nearly every cybercriminal operation.

Farsight Security announced that its flagship product, DNSDB, has grown from 35 billion records in 2014 to more than 100 billion records. 


"After 100 billion records, we've discovered that abuse of the Internet Domain Name System is rampant," said Paul Vixie, CEO of Farsight Security. 

Sturgeon’s Law

DNSDB is a continuously updated record of the changing Internet dating back to 2010. It holds the domain name system – the Internet’s “phone book” – in a single, indexed database so that security analysts can learn how digital artifacts such as the IP addresses and domain names used by cybercriminals have been used in the past and are being used now, Farsight said.

Vixie paraphrased Sturgeon's Law – that 90 percent of any particular category is “crud” – and added that the DNS is no exception.

“Well, 90 percent of the DNS is definitely crud,” Vixie said. “Every variation on every organization name, including hospitals, healthcare facilities and medical device vendors, as well as pharmaceutical drug names and even newspaper headlines, is in the DNS, even if for less than a day in many cases.”

More attacks are coming

Denial-of-service attacks on healthcare organizations are increasing in frequency, tech firm Neustar reported. Neustar predicts that 2017 will bring larger attacks and combinations that use different vectors, especially more IoT-based attacks and pre-planted malware.

Meanwhile, ransomware continues to hit healthcare. As recently as October 2, it was revealed that a ransomware attack on Fayetteville-based Arkansas Oral Facial Surgery Center may have exposed the data of 128,000 of its patients.

What to know now

Cybersecurity investigators in healthcare organizations can use historical DNS records to detect and respond to cyberattacks faster and more accurately, Farsight said.

The company added that hackers and cybercriminals leave digital footprints in the DNS, which hospital infosec teams can follow to track down attackers by domain name and IP address. Tools such as DNSDB can map a bad actor's infrastructure and help uncover malicious activity aimed at the hospital.
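As an added illustration of that pivoting, the following is example code written for this page, not Farsight's product or tooling. The records are constructed; the field names (rrname, rrtype, rdata, time_first, time_last, count) mirror DNSDB's JSON output, and all domain names and addresses are invented. Starting from one address seen in a phishing email, it walks "what resolved to this" and "what did that name point at" in alternation, flags lookalikes of the hospital's name, and lists the records that lived for less than a day, while refusing to expand values shared by many unrelated names (a CDN, a popular nameserver) so the walk does not pull the whole Internet into the incident.

```python
"""Passive-DNS pivoting over constructed DNSDB-style records (added example)."""
import json
from collections import defaultdict, deque

# Constructed sample records. Field names follow DNSDB's JSON output; the
# data, names and addresses are invented for this example.
SAMPLE_PDNS = """\
{"rrname": "mercyhospital.example.", "rrtype": "A", "rdata": "203.0.113.10", "time_first": 1420070400, "time_last": 1507000000, "count": 120000}
{"rrname": "mercy-hospital-login.example.", "rrtype": "A", "rdata": "198.51.100.7", "time_first": 1506900000, "time_last": 1506950000, "count": 3}
{"rrname": "mercy-hospital-login.example.", "rrtype": "NS", "rdata": "ns1.cheapns.example.", "time_first": 1506900000, "time_last": 1506950000, "count": 2}
{"rrname": "mercyhospitai.example.", "rrtype": "A", "rdata": "198.51.100.7", "time_first": 1506920000, "time_last": 1506990000, "count": 5}
{"rrname": "invoice-portal.example.", "rrtype": "NS", "rdata": "ns1.cheapns.example.", "time_first": 1506800000, "time_last": 1506990000, "count": 4}
{"rrname": "invoice-portal.example.", "rrtype": "A", "rdata": "198.51.100.9", "time_first": 1506800000, "time_last": 1506990000, "count": 4}
{"rrname": "www.mercyhospital.example.", "rrtype": "CNAME", "rdata": "cdn.bigcdn.example.", "time_first": 1420070400, "time_last": 1507000000, "count": 90000}
{"rrname": "shop.unrelated.example.", "rrtype": "CNAME", "rdata": "cdn.bigcdn.example.", "time_first": 1420070400, "time_last": 1507000000, "count": 80000}
{"rrname": "blog.unrelated.example.", "rrtype": "CNAME", "rdata": "cdn.bigcdn.example.", "time_first": 1420070400, "time_last": 1507000000, "count": 70000}
"""

NAME_VALUED = {"CNAME", "NS", "MX", "PTR"}   # rdata is itself a DNS name
PIVOT_TYPES = {"A", "AAAA", "CNAME", "NS", "MX"}


def load_records(text):
    """Parse JSON Lines; lowercase names and drop the trailing dot so keys match."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["rrname"] = rec["rrname"].lower().rstrip(".")
        if rec["rrtype"] in NAME_VALUED:
            rec["rdata"] = rec["rdata"].lower().rstrip(".")
        records.append(rec)
    return records


def build_graph(records):
    """Bipartite adjacency: name -> values it resolved to, value -> names pointing at it."""
    name_to_rdata, rdata_to_name = defaultdict(set), defaultdict(set)
    for rec in records:
        if rec["rrtype"] in PIVOT_TYPES:
            name_to_rdata[rec["rrname"]].add(rec["rdata"])
            rdata_to_name[rec["rdata"]].add(rec["rrname"])
    return name_to_rdata, rdata_to_name


def pivot(graph, seed, max_depth=4, shared_threshold=3):
    """Breadth-first walk from a seed (a name or an rdata value).

    A value pointed at by >= shared_threshold distinct names is kept in the
    result but not expanded: that is the analyst's guard against pivoting
    through shared hosting and into thousands of unrelated domains.
    Returns (names, values) reachable within max_depth hops.
    """
    name_to_rdata, rdata_to_name = graph
    seen, frontier = {seed}, deque([(seed, 0)])
    while frontier:
        node, depth = frontier.popleft()
        if depth >= max_depth:
            continue
        pointers = rdata_to_name.get(node, set())
        if len(pointers) >= shared_threshold:
            pointers = set()                      # shared infrastructure: stop here
        for nxt in name_to_rdata.get(node, set()) | pointers:
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, depth + 1))
    names = {n for n in seen if n in name_to_rdata}
    return names, seen - names


def edit_distance(a, b):
    """Plain Levenshtein distance, enough for catching single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(records, brand, max_distance=2):
    """Names whose registrable label is a near miss of, or contains, the brand.
    Uses the second label from the right; a real deployment would consult the
    public suffix list to handle suffixes such as co.uk."""
    brand = brand.lower()
    hits = set()
    for rec in records:
        labels = rec["rrname"].split(".")
        squashed = (labels[-2] if len(labels) > 1 else labels[0]).replace("-", "")
        if squashed != brand and (brand in squashed or edit_distance(squashed, brand) <= max_distance):
            hits.add(rec["rrname"])
    return hits


def short_lived(records, max_seconds=86400):
    """Names whose observed lifetime on a record was under a day."""
    return {r["rrname"] for r in records if r["time_last"] - r["time_first"] < max_seconds}


if __name__ == "__main__":
    recs = load_records(SAMPLE_PDNS)
    print("cluster around 198.51.100.7:", pivot(build_graph(recs), "198.51.100.7"))
    print("lookalikes of mercyhospital:", lookalikes(recs, "mercyhospital"))
    print("short-lived names:", short_lived(recs))
```

Run against the sample, the walk from 198.51.100.7 surfaces two lookalike domains, the nameserver they share, and a third unrelated-looking phishing domain parked on the same nameserver, while the hospital's own mercyhospital.example and its 203.0.113.10 address never enter the cluster. Seeding instead from www.mercyhospital.example stops at cdn.bigcdn.example because three names point at it, which is the check that keeps a CDN from turning one investigation into a list of every tenant it hosts. Tune shared_threshold for the size of the dataset; on a 100-billion-record store it needs to be far higher than 3.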

“Every healthcare organization, and user, needs to carefully reconsider any credence they give a web or e-mail domain name based on who or what it claims to represent,” Vixie said. “Forgery isn't just common, it's the most common thing there is."

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com