Threat Trends: DNS Security, Part 2

Part 2: Industry trends


In our Threat Trends blog series, we try to provide insight into the prevalent trends on the threat landscape. Our goal in providing you the latest information on these trends is that you'll be better prepared to allocate security resources to where they're needed most.

Knowing the bigger trends can help in this pursuit, particularly when it comes to the most common threat types. This is what we covered in part one of this Threat Trends release on DNS Security, using data from Cisco Umbrella, our cloud-native security service.

However, different industries sometimes have different levels of exposure to certain threat types. For example, those in the financial services industry may see more activity around information stealers; others in manufacturing may be more likely to encounter ransomware.

This is what we're going to cover in part two. We'll focus on specific industries, looking at two things: the top threat categories they face, and the categories that they're more likely to encounter compared with other industries. This way, you'll be better armed, knowing which threats you're more likely to encounter within your industry.

As in part one, we'll be looking at data covering the calendar year of 2020. This time we'll be comparing annual totals of DNS traffic to malicious sites, by industry. While we do this, we'll sometimes drill down to the monthly level, or look at endpoint data, to highlight items of interest. All of this gives us a window into the types of threats that generate the most traffic for various organizations.

So, without further ado, and in no particular order, here are the industry trends:



Technology


Almost all DNS traffic in the Technology sector (the sector concerned with the development and/or distribution of technological goods and services) can be attributed to two categories: cryptomining and phishing. These two categories alone accounted for 70 percent of the traffic for organizations in this sector.

           DNS activity in the technology sector               

Unsurprisingly, the Technology sector saw far more cryptomining traffic than any other industry. While much of this activity can be attributed to bad actors, it's likely that greater knowledge of cryptocurrencies could lead workers in this industry to attempt to install miners on company computers, triggering DNS blocks in Umbrella due to company policy violations. In comparison, Financial Services, an industry where workers are more likely to be aware of the risks of running cryptomining software on company devices, had one of the lowest levels.

Interestingly, the Technology sector saw the second-highest level of ransomware-related traffic, mainly driven by attacks involving Sodinokibi and Ryuk. However, the extremely high proportion of cryptomining pushed the overall percentage down, coming in at six percent. Trojan activity was also high, considering that Trickbot and Emotet were used to distribute Ryuk, as previously discussed in part one.

Financial Services


Phishing resulted in the highest levels of malicious DNS traffic in the Financial Services sector. In fact, this sector saw 60 percent more phishing than the next-closest sector, Higher Education. It's possible that this sector is targeted by attackers through phishing more often than others because of its proximity to many bad actors' objective: money.

Supporting this idea is the fact that the Financial Services sector also saw more information-stealing threats than any other industry. While not known to generate high volumes of DNS traffic (only 2 percent), Financial Services saw five times as much traffic in this category as any other sector.

           DNS Activity in the Financial Services Sector

Financial Services also saw the second-highest amount of traffic in a number of categories, such as trojans, botnets, and remote access trojans (RATs). The breadth of malicious traffic seen in this industry could speak to how attractive a target it is to bad actors.

Healthcare


The Healthcare sector saw more trojans than any other sector, along with higher numbers of droppers. Most of the trojan-based activity can be attributed to Emotet, as healthcare organizations were hit hard by the threat in 2020. Close to seven out of every ten trojans seen in the Healthcare sector were Emotet. Throw Emotet's close cousin Trickbot into the mix, and you're looking at 83 percent of all trojan-related traffic.

           DNS Activity in the Healthcare Sector               

It likely comes as no surprise that ransomware also made its presence known in the Healthcare sector. Ryuk was particularly active, no doubt connected to the high activity surrounding Emotet. The Healthcare sector was also narrowly edged out of the second-highest spot for ransomware, coming in only 1.5 percent lower in overall DNS traffic.



Manufacturing


Like the Technology sector, the Manufacturing sector also saw high cryptomining activity. It saw roughly half the activity seen in the Technology sector, but interestingly, there were almost three times as many endpoints in the Manufacturing sector involved in cryptomining. In short, more machines resulting in less DNS activity leads us to believe these endpoints were less powerful compared with those in the Technology sector. It's possible that the compromised devices are involved in the manufacturing process itself, even IoT related. In these cases, cryptomining may have been slower, but could still impact manufacturing speeds.

           DNS Activity in the Manufacturing Sector               

It turns out that the Manufacturing sector is also the most likely to be affected by ransomware. This sector saw nearly as much ransomware-related traffic as the next two closest industries combined (Technology and Healthcare). This appears to be a clear indication that the sector is regularly targeted by bad actors, most likely through big game hunting and the potential payout bad actors could receive.



Higher Education


The COVID-19 pandemic closed campuses worldwide in 2020. As classes shifted to remote, many malicious activities that would have been blocked on campus would have occurred on students' home networks. This led to drop-offs in malicious activity for this sector in many categories from March onwards, and far lower overall volumes in 2020 than in previous years.

           DNS Activity in the Higher Education Sector               

That's not to say that activity dropped off a cliff, as certain activities that would require access to campus resources did register their share of DNS activity. For example, phishing activity managed to put Higher Education in second place when comparing across industries. Cryptomining outfits also frequently target the Higher Education sector in an attempt to siphon off computing resources, or student-discounted cloud computing credits, to run their miners.

Government


Of the industries that we've examined, the Government sector appears to be the most evenly distributed across the top categories highlighted in part one of this series (Phishing, Cryptomining, Ransomware, and Trojans). The Government sector also saw a fairly even distribution for each of the categories when looking at them month-on-month.

           DNS Activity in the Government Sector               

The only exception to the trend was cryptomining, which saw low numbers in the first three quarters of the year, and then jumped in October as cryptocurrency values reached a high for the year and continued to climb. However, the month-on-month numbers didn't fluctuate through the final quarter of the year, with each month remaining at largely the same elevated level.

Preventing successful attacks


As mentioned earlier, the data used to show these trends comes from Cisco Umbrella, our cloud-delivered security service that includes DNS security, secure web gateway, firewall, and cloud access security broker (CASB) functionality, and threat intelligence. The malicious activity shown here was stopped in its tracks by Umbrella.

Umbrella combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.





Choosing your battles


There is no doubt that examining trends on the threat landscape can reap benefits. Understanding where attacks are occurring makes it easier to decide where to dedicate your resources to defend against them. Cryptomining and phishing are commonly seen these days, as are trojans like Trickbot and Emotet, used to deploy ransomware such as Ryuk.

Of course, different industries are affected by different threats in different ways, so it helps to understand the specific trends surrounding the sector you're in. For example, it would be wise for someone in the Financial Services sector to keep a close eye on phishing trends, while someone in the Manufacturing sector should take a closer look at ransomware.

Ultimately, designing a defensive strategy that combines the bigger trends with those of your specific industry can bring you a long way towards protecting your assets.




Methodology


We've followed the same general methodology in this blog that we did in part one, with a few changes in representation. Pie charts are based on DNS query traffic to malicious sites. Any category comprising more than one percent of traffic for a particular sector is represented in the charts. All categories below one percent are combined into the 'All Others' group in the charts.


