HYAS blocks tons of queries on behalf of our clients each day and we occasionally step back and look at the patterns that derive from them. Looking at where blocked traffic was trying to go, we see in this month’s heatmap some familiar infrastructure patterns, in addition to some shifts that likely reflect attacker hosting choices.
Some observations this month:
Broader activity across Japan, India, Turkey, South Africa, and other countries could suggest some level of deliberate regional diversification. It’s not uncommon for attackers to distribute risk for operational resiliency, test latency to target populations, and exploit providers and infrastructure that may not yet be identified in reputation-based intelligence feeds. We’ll be looking more into the evidence for these going forward.
Geography is not an effective security control. Quiet geo-allow rules and “friendly-country” assumptions cannot be relied upon in cybersecurity and can become invisible bypass vectors that weaken security. Instead, DNS-layer controls that evaluate destination infrastructure and reputation for you in real time are needed to keep your business moving quickly while also protecting it from a wide range of cyber threats.
HYAS Protect leverages our unique infrastructure intelligence and proprietary decision logic to prevent connection to risky destinations and reduce the risk from phishing, infostealers, adversary command and control, and staging chains upstream of compromise. The net effect is fewer incidents, more efficient application of existing security resources and personnel, and a more secure and resilient organization.
Want to learn more? Reach out at hyas.com and try HYAS Protect and HYAS Insight for a free trial period.