DNS Tunneling: how DNS can be (ab)used by malicious actors

DNS is a critical foundation of the Internet that makes it possible to get to websites without entering numerical IP addresses. The power that makes DNS beneficial for everyone also creates potential for abuse. Unit 42 researchers explain how attackers can abuse DNS to hide their tracks and steal data using a technique known as “DNS Tunneling.” This research can help organizations understand DNS-based threats and the risks they pose to their environment.

Don’t Be an April Fool: Inside a Common Phone Scam

One of our team members on Unit 42 recently received a phone call from a scammer, and, today being April Fool’s Day, we decided to write about how we played along with the scammer to learn about his operation. Unit 42 analyst Robert received a phone call from a Tech Support scammer who told him

Connecting the Dots in Cyber Threat Campaigns, Part 2: Passive DNS

This is the second part of our series on “connecting the dots,” where we investigate ways to link attacks together to gain a better understanding of how they are related. In Part 1, we looked at how domain WHOIS information can be used to identify connections between malicious domains and potentially the actors who own