Protecting from Ransomware Attacks with DNS
This session focuses on how DNS can be used to improve protection against ransomware campaigns and to speed up investigations of such incidents. We will cover recent tactics, techniques, and procedures (TTPs) used by ransomware actors, who are actively adopting advanced persistent threat (APT)-style tactics and evasion techniques.
These actors’ goals have shifted from deploying ransomware on a few vulnerable machines to achieving persistence in the network and causing maximum damage to push victims into paying the ransom.
We will share DNS-based classifiers developed by the Cisco Umbrella team and discuss our approach to building them based on changes in the threat landscape.