Today > | 3 Medium | 2 Low vulnerabilities   -   You can now download lists of IOCs here!

Automatically Detecting DNS Hijacking in Passive DNS

Nov. 5, 2024, 10:03 a.m.

Description

This article describes a machine learning-based pipeline for detecting DNS hijacking using passive DNS data. The system processes an average of 167 million new DNS records daily, extracting 74 features from over 169 terabytes of data. Between March and September 2024, it identified 6,729 hijacking incidents out of 29 billion processed records. Notable examples include the hijacking of a Hungarian political party's domain, the defacement of a utility company and ISP, and the use of university and research center domains for illicit gambling. The pipeline can now detect DNS hijacking in customer traffic within 10 minutes, providing crucial protection against this pervasive threat.

Date

Published: Nov. 5, 2024, 5:37 a.m.

Created: Nov. 5, 2024, 5:37 a.m.

Modified: Nov. 5, 2024, 10:03 a.m.

Indicators

37.9.175.0/24

d23491dd351f43f0efad5cee2be80c4049349a7695c0e7de1de632c791356183

c43e506c9b964dddf6fd784bf0cc78b4a2396f47257361dc22e1070e249eae16

bda2503fc02b11258399cfabd0778a997654b5bd7d30e5e3f5bef54a74b914e1

b351e3f475681ab2e8db5b2bbd2beaf26e5b4fd082ca08eba6fffbc76370113c

8891e7562eb4db253a8582376083ca99b19457680f9d36a5ba4108790740785e

7bcfcc90d0bd6c85b5b1cc9f287e161020571a0418afb50f2dd67685e9d3a4fc

716778bab5fb2c439a51362be5941a50d587714d58a6faa39eefa96aa79c1561

564b21c293bc9d0885dc7a87dbf488a497c98d2103d91f5bbcfdb476eb8b6f4c

4dce8b3beba71b8b44b6576ff2497ed68c6fafebd046822f0d60f8758238e900

01082cd4733e5f3e2c3f642fa6c0afb5a9489d39ff26a35549263fc0e02ebad3

103.84.194.81

http://slackforbusiness.net/main.php

http://slackforbusiness.net/api.php

ns6.uts.ac.id

ns5.uts.ac.id

ns4.uts.ac.id

ns3.webonic.hu

ns3.uts.ac.id

ns3.gyumolcstarhely.hu

ns2.webonic.hu

ns2.uts.ac.id

ns2.gyumolcstarhely.hu

ns2.csit-host.com

ns1.webonic.hu

ns1.uts.ac.id

ns1.gyumolcstarhely.hu

ns1.csit-host.com

mail.uts.ac.id

dkujpest.hu

ccdc.org.do

c-sharp.in

slackcomtop.aab-e-pak.com

wooofi.com

slackforbusiness.net

nextnovatech.com

macpaw.us

Attack Patterns

T1189

T1082

T1083

T1204

T1584

T1566

T1190

T1078

T1059

Additional Informations

Energy

Education

Telecommunications

Government

Hungary

United States of America