Protecting from ransomware attacks with DNS
Watch on-demand | 30 minutes
The session is focused on the ways DNS can be used to improve protection against ransomware campaigns and speed up investigations of such incidents.
We cover fresh tactics, techniques, and procedures (TTPs) used by ransomware actors which actively adopt advanced persistent threat (APT)-style tactics and evasion techniques. These actors’ goals have shifted from deploying ransomware on a few vulnerable machines to achieving persistence in the network and causing maximum damage to push victims into paying the ransom.
We share DNS-based classifiers developed by the Cisco Umbrella team and discuss our approach to building them based on changes in the threats landscape.