Protecting the Domain Name System: The address book of the internet

By Nominet

The Domain Name System (DNS) is crucial to the functioning of the internet, but remains vulnerable to prevalent cyber threats like malware. GovInsider speaks with David Carroll, Managing Director of Nominet UK, to find out how governments can defend their DNS from such threats.

The Domain Name System is vital to the functioning of the internet, without which, users would have no way to navigate the complex web. But it too needs to be protected from the cyber threats roving online. Image: Canva

IP addresses are to machines as URLs are to humans. While the latter help humans identify and access websites, IP addresses help machines locate where a website is hosted so that visitors can be directed accordingly.

DNS helps to convert URLs into IP addresses, much like the way Google Maps helps us convert postal codes into location pins on a map. But while DNS plays a critical role in how the internet works, it can be vulnerable to the cyber threats roving the net.

DNS can, for example, be an avenue through which threat actors distribute and operate malware, says David Carroll, Managing Director of Nominet UK – the official registry of .UK domain names. When users access websites containing malware, machines and networks can easily become infected, leading to potentially disastrous consequences.

Carroll delves into what some of these consequences can be and explains how organisations can adopt a stronger defensive posture to protect the DNS.

1. Can you share some examples of cyber attacks and threats that have happened as a result of malicious connections? What were the consequences?

Malware is a common example of a malicious connection attack where DNS is leveraged. It can cause harm in many ways, including stealing, deleting or encrypting, and taking control of devices to attack other organisations. Ransomware is a type of malware where attackers will threaten to publish personal data or block access until a payment is made.

The WannaCry ransomware attack in 2017 was perhaps the most notable example of this. The impacts were felt globally, as the attack spread through computers operating on Microsoft Windows. Users’ files were held hostage, and cryptocurrency was demanded for their return. Globally, over 230,000 devices were hit by WannaCry. Among those affected were critical systems needed for the functioning of countries including the UK’s National Health Service, Spain’s Telefónica telecom service, and Russian banks.

2. How does Nominet Cyber’s Protective DNS solution help to defend against such threats?

Every connection between an organisation’s network and the world wide web is present in the DNS (Domain Name System) traffic. Nominet Cyber’s Protective DNS (PDNS) is designed to analyse each one of these DNS requests and block those deemed malicious. Simply put, we offer protection against malware, ransomware, phishing attacks, viruses, spyware at source and malicious sites.

The PDNS enables governments to perform early and comprehensive incident response by providing visibility across a nation’s most critical networks, boosting its cyber situational awareness.

3. How is Nominet Cyber’s PDNS different from other DNS resolver services?

With over 25 years of experience in the national DNS space, we’re well-acquainted with what it takes to support governments in their cyber defence.

Nominet Cyber is the only Protective DNS provider who delivers a top-down solution for national intelligence and law enforcement to benefit a central authority. We work exclusively with governments and international cyber security agencies, ensuring PDNS can support the challenges that governments, specifically, face.

Our PDNS centres around four pivotal services:
  • Intelligence: Working with customers to understand what data to collect based on their individual requirements
  • Hunting: Proactively looking for threats that aren’t already blocked to strengthen threat intelligence
  • Operations: Supporting major events that require analysis, triage and communication
  • Community: Sharing insights between PDNS customers to drive future intelligence

As a delivery partner of Protective DNS solutions to both the UK and Australian governments, we understand the benefit of collaboration between peers for the greater good of cyber defence.

4. Can you share a case study or example of how Nominet Cyber’s PDNS has helped a government agency bolster their cybersecurity posture or defend against cyber threats?

Nominet Cyber delivers PDNS on behalf of the National Cyber Security Centre to protect the UK public sector. The delivery of PDNS forms a vital part of the UK’s Active Cyber Defence, designed to tackle cyber attacks to improve national resilience.

PDNS protects an estimated 6 million users, secures more than 900 organisations delivering government services, with the additional protection of a thousand organisations in the National Health Service and Health and Social Care Network.

In 2020, a malicious, unauthorised modification to an IT monitoring software known as SolarWinds Orion was identified. This software was used by about 33,000 customers across the public and private sectors and hacking it could have granted threat actors privileged access to IT systems across the world.

Amidst this attack, the PDNS dataset became a primary data source for the analysis of risk and response. It revealed key information about the attack so government agencies could take follow-up action, including how many public bodies were affected, the extent of compromise, as well as the precise location of which systems and agencies were affected. This gave assurance to many core parts of the government who could rest easy knowing that their systems were not compromised.
