
How to Enhance DNS Privacy with DoT and DoH

The Domain Name System (DNS) guides us through the vast expanse of the internet. It is the unsung hero, translating human-readable domain names into the machine-readable IP addresses that our devices understand. But what happens when this essential process is not as private as we would like it to be? The implications for security, privacy, and even human rights can be profound.

The Risks of Plaintext DNS Queries

By default, DNS queries—the questions your computer asks to find the address of a website—are sent in plaintext. This means they are as open to prying eyes as a conversation in a crowded café. Whether it is a network administrator, an Internet Service Provider (ISP), or a more nefarious actor, anyone with the right tools can eavesdrop on these conversations. It is like announcing your destination aloud before stepping into a secret passage. The risks of doing this range from benign but targeted advertising to more sinister issues like government censorship or cybercriminals tracking your online habits.

DoT and DoH for DNS Privacy

Enter the superheroes of DNS privacy: DNS over TLS (DoT) and DNS over HTTPS (DoH). These protocols are the digital equivalent of putting our postcards in envelopes, shielding our queries from those who might want to sneak a peek.

DoT takes our DNS queries and wraps them in the security of TLS (Transport Layer Security), the same protocol that HTTPS websites use to keep your data safe. When a device initiates a DNS query, it establishes a secure connection with the DNS server through a TLS handshake, ensuring the confidentiality and integrity of the exchange. DoT prevents eavesdropping by encrypting the data, making it indecipherable to unauthorized parties.

It is like sending your DNS queries in an armored van, ensuring they reach their destination without interference. However, because DoT operates on a dedicated port (853), anyone with access to the network can see DoT traffic going in and out, even though no one can see inside it, since the requests and responses themselves are encrypted.

On the flip side, DoH sends these encrypted DNS queries over HTTPS, that is, HTTP or HTTP/2 carried inside TLS. This means they travel on the same roads as regular internet traffic (port 443), blending in with the crowd. DoH allows users to bypass network restrictions and censorship, making it difficult for intermediaries to selectively inspect or manipulate DNS queries. To a network observer, DoH traffic is indistinguishable from any other secure website visit, making it a master of disguise.

Both DoT and DoH serve the same noble purpose: to protect the privacy and integrity of your DNS queries. They ensure that no one can tamper with or spy on your internet navigation. Yet, their distinct paths—DoT with its exclusive route and DoH camouflaged among the masses—offer different advantages depending on what level of privacy, security measures and compatibility you seek.
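To make the difference between the transports concrete, the following added example (not code from SafeDNS or from this article) encodes one DNS question and shows how it is carried as plaintext DNS, as a DoT frame (RFC 7858) and as a DoH request (RFC 8484). The name `www.example.com` and the `/dns-query` path are assumptions; the real DoH path is whatever the chosen resolver publishes.

```python
"""One DNS question, three transports (added example, standard library only)."""
import base64
import struct


def build_query(name, qtype=1, msg_id=0):
    """Encode a one-question DNS query in RFC 1035 wire format.

    msg_id=0 follows the RFC 8484 advice for DoH; plaintext DNS and DoT
    clients normally pick a random ID instead.
    """
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!6H", msg_id, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        qname += bytes([len(raw)]) + raw
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN


def read_qname(msg):
    """Recover the queried name from an unencrypted DNS message.

    This is all an on-path observer of port 53 traffic has to do.
    """
    labels, pos = [], 12  # the question section follows the 12-byte header
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question section")
        length = msg[pos]
        if length == 0:
            return ".".join(labels)
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("compressed or malformed label")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length


def dot_frame(msg):
    """DoT reuses DNS-over-TCP framing: a 2-byte big-endian length prefix.

    These bytes are what travels inside the TLS session on port 853.
    """
    return struct.pack("!H", len(msg)) + msg


def doh_get_target(msg, path="/dns-query"):
    """DoH GET form: the message as unpadded base64url in the 'dns' parameter."""
    token = base64.urlsafe_b64encode(msg).rstrip(b"=").decode("ascii")
    return f"{path}?dns={token}"


def doh_post(msg, path="/dns-query"):
    """DoH POST form: the raw message as an application/dns-message body."""
    headers = {
        "content-type": "application/dns-message",
        "accept": "application/dns-message",
        "content-length": str(len(msg)),
    }
    return path, headers, msg


def transports(name):
    """Summarise what each transport puts on the wire for the same question."""
    msg = build_query(name)
    return [
        {"transport": "Do53", "port": 53, "tls": False, "payload": msg},
        {"transport": "DoT", "port": 853, "tls": True, "payload": dot_frame(msg)},
        {"transport": "DoH", "port": 443, "tls": True,
         "payload": doh_get_target(msg).encode("ascii")},
    ]


if __name__ == "__main__":
    for t in transports("www.example.com"):
        # Only the plaintext transport exposes the name to an observer;
        # for DoT and DoH the payload below sits inside TLS records.
        visible = read_qname(t["payload"]) if not t["tls"] else "(ciphertext only)"
        print(f'{t["transport"]:5} port {t["port"]:<4} observer reads: {visible}')
```

The port column is the point of the comparison: DoT is encrypted but identifiable by port 853, while the DoH request shares port 443 with ordinary HTTPS.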

SafeDNS also provides the DoT feature, complementing the DoH (DNS over HTTPS) support that is typically enabled by default in most browsers. For guidance on activating DoT through the SafeDNS dashboard, please refer to our detailed instructions available here.

As we stand at this crossroads, the question is not just about which protocol to choose. It is about recognizing the importance of DNS privacy and taking steps to protect it. Whether you lean towards the visibility and security of DoT or the stealth and integration of DoH, the crucial thing is to be aware of your choices and their implications.

In the grand tapestry of the internet, where every click, search, and query weaves a thread, ensuring these threads are secure and private is vital. It is about more than just safeguarding data; it is about preserving the freedom and trust that lie at the heart of the digital age. As we continue to navigate this ever-changing landscape, let us do so with an eye towards not just where we are going, but how safely and privately we can get there.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

The Battle Against Domain Generation Algorithms

The Internet has become something like the very air we breathe, so ensuring its safety is paramount. Yet, lurking within this indispensable resource is a sophisticated threat known as Domain Generation Algorithms (DGA). But what exactly is a Domain Generation Algorithm (DGA), and why is it a topic of concern for cybersecurity teams and everyday internet users alike? Let’s embark on a journey to demystify DGA, its implications, its threat actors and the innovative measures being taken to combat it.

How DGAs Operate

In a nutshell, a Domain Generation Algorithm is a program that is designed to generate domain names in a particular fashion. Imagine for a moment that you are playing a high-stakes game of hide and seek. In this scenario, DGAs are the ultimate hiders, constantly changing domain names and their locations to evade detection. These algorithms are employed by various malware families to generate domains. These random domains act as secret meeting points for infected machines to receive instructions from their command-and-control servers. But why go through all this trouble?


Consider a machine infected with a botnet, like a sleeper agent awaiting orders. If this agent’s meeting point is compromised, they can no longer receive commands, rendering them ineffective. It resembles knowing exactly where a spy is going to drop their secrets. Once that location is discovered and watched, the spy’s effectiveness is nullified. Hence, the logic behind DGAs: never stick to one domain. By constantly changing domains based on a specific algorithm, these digital spies stay one step ahead, making it challenging for cybersecurity teams to catch them.

The Challenge of Detection: Separating Wheat from Chaff

Yet, the task of detecting malicious domains generated by these algorithms is not as daunting as one might think. The real challenge lies in distinguishing between DGA-generated domains and legitimate technical domains. It is like trying to find a needle in a haystack, except some of the needles look remarkably similar to the hay. For example, Microsoft’s technical domains could easily be mistaken for those generated by DGAs, leading to a plethora of false positives. It’s a fine line to walk, requiring not just technical prowess but also a deep understanding of both legitimate domains and malicious digital behaviors.
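The false-positive problem described above can be seen in a small lexical triage script, given here as an added example (it is not SafeDNS's detection logic). It goes beyond the text by also counting NXDOMAIN bursts per client, a common companion signal; the thresholds, the allowlisted zone and the log lines are constructed assumptions.

```python
"""Lexical DGA triage over constructed resolver log lines (added example)."""
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")

# Assumption: parent zones the operator has verified as legitimate sources of
# machine-generated names (CDN shards, telemetry hosts). Placeholder value.
ALLOWLISTED_ZONES = ("cdn.example.net",)

# Illustrative thresholds, not tuned on real traffic.
MIN_LEN, MIN_ENTROPY = 10, 3.0
MAX_VOWEL_RATIO, MIN_DIGIT_RATIO = 0.25, 0.25
NXDOMAIN_BURST = 3  # distinct random-looking NXDOMAIN names per client

# Constructed log: "<client> <qname> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 a8f3c91d7e2b4065.cdn.example.net NOERROR
10.0.0.5 documentation.example.com NOERROR
10.0.0.9 kq3vz9xw7bt2mfpl.test NXDOMAIN
10.0.0.9 wz8rk4pxq1nd6tvh.test NXDOMAIN
10.0.0.9 pb5xt7mq2zk9rwfj.test NXDOMAIN
10.0.0.9 mail.example.com NOERROR
"""


def shannon_entropy(label):
    """Bits per character of the label's character distribution."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(label):
    """Long, high-entropy labels that are vowel-poor or digit-heavy."""
    if len(label) < MIN_LEN or shannon_entropy(label) < MIN_ENTROPY:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return vowel_ratio <= MAX_VOWEL_RATIO or digit_ratio >= MIN_DIGIT_RATIO


def in_allowlisted_zone(fqdn, zones=ALLOWLISTED_ZONES):
    """Suffix match on whole labels, so 'evilcdn.example.net' does not match."""
    return any(fqdn == z or fqdn.endswith("." + z) for z in zones)


def classify(fqdn, zones=ALLOWLISTED_ZONES):
    """Return 'benign', 'allowlisted' or 'suspicious' for one queried name."""
    fqdn = fqdn.lower().rstrip(".")
    labels = fqdn.split(".")[:-1]  # the TLD itself is never scored
    if not any(looks_generated(label) for label in labels):
        return "benign"
    # A random-looking name under a verified zone is the false positive the
    # article warns about: record it, but do not treat it as DGA traffic.
    return "allowlisted" if in_allowlisted_zone(fqdn, zones) else "suspicious"


def flag_clients(log_text, zones=ALLOWLISTED_ZONES):
    """Clients that asked for several distinct suspicious names that did not
    resolve, the pattern left by a host walking a generated domain list."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guessing
        client, qname, rcode = parts
        if rcode == "NXDOMAIN" and classify(qname, zones) == "suspicious":
            hits[client].add(qname.lower().rstrip("."))
    return {c: sorted(n) for c, n in hits.items() if len(n) >= NXDOMAIN_BURST}


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        client, qname, rcode = line.split()
        print(f"{client:9} {rcode:8} {classify(qname):11} {qname}")
    print("clients to investigate:", flag_clients(SAMPLE_LOG))
```

Removing the allowlist entry turns the CDN-style name into a "suspicious" verdict, which is exactly the false positive the paragraph describes.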

The role of DGA in cybersecurity

The Domain Generation Algorithm (DGA) has been a big deal in malware for the past ten years. It’s crucial to understand how DGA attacks work to keep your network safe from malware. Security software can quickly block malware that depends on a fixed domain or static IP addresses. Essentially, cyber attackers use DGAs to constantly create malicious domains and IP addresses for their malware’s control servers. This makes it hard for defenders to catch them because they keep changing domains. Even though DGAs have been around for a while, security researchers say they’re still tough to deal with. But new technologies are being developed to tackle them better.

DGAs have been a headache for malware victims for over a decade. Big malware attacks like Conficker, Zeus, and Dyre have used DGAs to keep changing domains and their control servers’ addresses. Normal security software can’t keep up because the malware keeps switching domains. But now, new technologies that use big data and machine learning are being developed to predict and stop these attacks before they happen. They aim to make it harder for attackers to set up malicious sites under the same domain names in the first place.

SafeDNS’s Strategies Against Domain Generation Algorithms

In response to this challenge, SafeDNS has pioneered an approach by creating a separate category for DGA domains. This initiative is not just about enhancing cybersecurity measures; it is about adapting to modern digital threats. DGA is not limited to shadowy corners of the internet; it is actively used by a wide array of platforms, including numerous gambling sites. Take 1xBet, for instance. This application leverages automatically generated domains to ensure its continuous operation, making it a tough nut to crack for those looking to block it. However, the domain experts at SafeDNS are not easily outmaneuvered. Through meticulous analysis of application traffic and the intricate web of connections between servers, IP addresses, and generated domains, our experts manage to detect about 10 new domains daily for this application alone, blocking them effectively and safeguarding users.

The Widespread Use of a Domain Generation Algorithm (DGA)

The use of DGA extends far beyond gambling platforms, playing a crucial role in the operation of botnets and corresponding cyberattacks. These automatically generated domains can be employed for a variety of purposes, ranging from benign technical needs to more nefarious activities. It underscores a fundamental truth about the digital age: the tools and technologies developed can serve both to advance and to undermine our collective security.

So, what does this all mean for the average internet user and for organizations striving to protect their networks? It highlights the need for constant vigilance, innovation, and adaptation. The creation of a separate category for DGA domains by SafeDNS is a testament to the proactive stance required to stay ahead of cybercriminals.

But let’s pause for a moment to ask ourselves a question: In the grand scheme of things, what can we, as individuals and as a community, do to contribute to the safety and security of our digital world? It begins with awareness of cyber attacks, understanding the nature of threats like DGA, and supporting the efforts of cybersecurity professionals. By staying informed about security solutions and adopting safe online practices, we play a part in this vast ecosystem, helping to safeguard not just our own digital footprint but also contributing to the broader effort to secure the internet for everyone.

The story of DGA is a fascinating glimpse into the ongoing struggle between cybercriminals and cybersecurity experts. It is a reminder that adaptation and resilience are key to overcoming challenges. SafeDNS’s innovative approach to tackling DGA-generated domains exemplifies the kind of forward-thinking strategy that will define the future of cybersecurity. As we continue to deal with the complexities of the internet, let’s do so with a commitment to safety, security, and the collective well-being of our networks.


Head of SafeDNS’s Customer Support: “People lack a human touch – SafeDNS still provides it”

Today effective customer support is the backbone of any successful tech company. Joining us today is Leo Nagano, the Head of Customer Support at SafeDNS, who has climbed the ranks from a technical support agent to one of the key leaders in the company. He shares insights on his career path, team dynamics, and the unique approaches that set SafeDNS apart in the realm of customer service.

Background


Leo, I know that you have had quite an interesting journey in the world of customer support, starting as a technical support agent. Can you share with our followers how you transitioned from that role to your current position?

Absolutely. My journey began in a local telecom company, where my passion for technology propelled me rapidly from a regular technical support agent to a senior engineer. In this role, I juggled numerous responsibilities, including managing departmental tasks. My curiosity did not stop there. After mastering the telecom sector, I explored various IT niches in different companies, progressing through roles like team lead and senior engineer. This exploration led me to network operation companies and, eventually, to my current role at SafeDNS.


That is quite a trajectory! And speaking of your current role, could you give us a glimpse into the structure of your support team?

Certainly. Our team at SafeDNS consists of highly qualified technical support agents, operating around the clock. The majority are seasoned professionals, having been with us for over two years. This experience has fostered a robust technical team.

Support Philosophy & Strategy


What is the core philosophy that drives your approach to customer support?

Our ethos is simple yet powerful: do everything possible to aid our customers. We aim for a support process that is not just high-quality but also fast, accurate, and courteous. There is no room for irrelevant responses in our playbook.


How do you balance efficiency with the need for a personal touch in customer interactions?

It all boils down to passion. Loving your job naturally leads to a balance between efficiency and personal care in handling customer needs.

Challenges & Solutions


Every team faces challenges. What are the most common ones for your team, and how do you tackle them?

Our primary challenges include managing a seamless ticket workflow and providing dual support – both to end users and internally. The key is our team’s professionalism, which allows us to navigate these challenges effectively.


How do you handle situations where a customer might not be right?

These situations are less about proving someone wrong and more about guidance. We rely on our technical documentation to provide clear, standardized solutions.


And in moments of high pressure, like peak times, how do you prioritize issues?

Prioritizing critical issues swiftly is essential. When a major issue arises, we quickly assess and focus our collective efforts on resolving it.

Training & Development


Could you walk us through how you onboard new members into your support team?

Onboarding at SafeDNS is a meticulous process. We only seek candidates who excel in both customer service and technical skills. Effective communication with customers is sometimes even more crucial than technical expertise, yet we are dedicated to excelling in both areas. As a result, only a select few candidates can begin their probationary period. Once onboard, new agents are supported by a comprehensive knowledge base, senior agents, and a collaborative work environment, ensuring a smooth transition into their roles.

Tools & Technology


What tools does your team rely on, and why?

Our toolkit includes platforms like Freshworks, Intercom, WhatsApp Business, and an internal CRM manager, alongside various minor integrations. For example, Freshworks gives us extensive support solutions, and Intercom allows for smooth communication with our clients. WhatsApp Business offers an easy-to-use interface for quick and cost-effective interactions. Our internal CRM helps keep customer data organized, and we use other small integrations to make our processes more efficient. These tools are chosen for their convenience, reliability, and comprehensive features, enhancing our team’s productivity and support quality.


How do you incorporate technology, like AI or chatbots, into enhancing support experiences?

AI and chatbots are invaluable in improving our support services. This technology quickly handles simple, frequent questions, freeing our agents to deal with more intricate and tailored customer needs. It makes our support process more efficient and ensures prompt, precise help for our customers. AI and chatbots can also provide round-the-clock support for complex issues. Blending AI and chatbot capabilities with our skilled support team, we offer comprehensive support that caters to our customers’ varied needs.

Metrics & Feedback


What key metrics do you track and how do they guide your decision-making?

We monitor customer satisfaction scores (CSAT), first response and resolution times, and customer effort scores (CES). Reviewing CSAT scores helps us pinpoint where we can improve our services. Tracking how quickly we respond and resolve issues allows us to gauge our efficiency and manage our resources better, leading to a smoother support experience. Additionally, the customer effort score helps us assess how easily our customers can use our support and interact with our products or services.


How do you integrate customer feedback into improving your services?

We collect feedback through surveys, our website, social media, and emails. This data, managed via our CRM and sentiment analysis tools, informs product and service enhancements through regular cross-functional reviews and agile methodologies.


What would you say about negative feedback? How do you turn it into an opportunity for improvement?

This may sound cliché, but we do view it constructively. Our approach involves acknowledging the feedback, investigating the issue, and communicating transparently with the customer. I would like to underline that transparent communication is a key element, where we keep the customer informed about the steps we are taking to address their concerns. Long story short, we always use negative feedback as a learning tool for internal improvements and to enhance our support services.

Employee Wellbeing


Given the demanding nature of support roles, how do you ensure the well-being and morale of your team members?

Our focus is on creating a positive work environment. For example, we conduct regular team building activities, organized both online and offline, with the aim of enhancing camaraderie among team members and getting rid of the tedious daily routine. Flexible working hours, remote work options, and accommodating special personal needs are some of the ways we ensure a good work-life balance. We also maintain open lines of communication by ensuring that all team members are free to voice their views, concerns, or positive feedback, ensuring that every opinion matters. Our team members set goals together, discussing career opportunities so that everybody can clearly see relevant growth opportunities within the company. What I am listing now is not just about our department, it is SafeDNS’ philosophy on how to interact with employees.


How do you address burnout within the team?

We actively monitor for signs of burnout. Flexible scheduling, workload rotation, emphasis on breaks, recognition, well-being programs, and vacation usage are among our key strategies to combat burnout. But I guess the main thing that helps prevent burnout is to discuss concerns. At SafeDNS every single person is open to discussing any problems.

Unique Approach at SafeDNS


We have already talked about the technical aspects and philosophy behind SafeDNS support. Can you tell me what makes SafeDNS customer support different from other companies?

I would say it is our proactive approach and personalized support with human touch. For sure we are proud of our truly rapid response times, dedicated account management, and customer feedback integration but in the era of bots and artificial intelligence, people lack a human touch – SafeDNS still provides it. This sets us apart in the industry.


How is this unique approach developed and maintained?

Developing and maintaining our unique approach involves analyzing customer expectations, investing in team training, and establishing a customer-centric company culture. We try to combine a conservative but much-desired human approach with adaptation to technological trends in the industry.

Looking Ahead


Let’s look into the future. How do you envision the future of customer support with evolving technology? What emerging trends are you noticing in tech support, and how are you preparing for them?

Obviously the future of customer support lies in the seamless use of AI. I would add that sophisticated omnichannel experiences, advanced analytics for personalized support, and the use of AR and VR technologies will be an integral part of quality customer support as well. I personally believe that proactive communication and environmental sustainability will also be key aspects.

Since I have been asked about new trends, well, I can say that we are seeing the ubiquitous integration of artificial intelligence, an attempt to strengthen cyber defenses, and a remote work trend, which increases the volume of work. We do our best to keep up with trends and educate our staff, reinforce cybersecurity, leverage collaboration tools, and adopt eco-friendly practices.


What are your future plans?

We do plan to grow as professionals. The sky is the limit, you know. To put it into practice, we are going to develop our mentorship programs which will include more cross-trainings. And, of course, we are embracing the industry advancements to stay at the forefront.

Tips & Recommendations


Leo, could you share your top three tips for enhancing customer support?

Absolutely. First, prioritize clear customer communication. Second, invest in the training and development of your team. And third, wisely embrace technology to streamline processes and improve customer experiences.


And last but not least: are there any resources that have significantly influenced your approach to customer support?

Well, there are a few of them. I would list the following ones: “Delivering Happiness” by Tony Hsieh, “The Customer Support Handbook” by Sarah Hatter, a must-read no matter what sector you work in, and probably the courses on customer support from HubSpot Academy and Coursera. Blogs like Help Scout and Zendesk also provide regular industry insights.


Thanks a lot for your detailed answers and useful tips. Good luck to you and your team!


Head of SafeDNS’s Machine Learning: “ML is not a magic wand”

In this interview, we sit down with Jurgen Lorenz, the Head of Machine Learning at SafeDNS, to gain insights into the key role that machine learning plays in the company’s web filtering solutions. Jurgen sheds light on how the department works on the identification of website categories, reveals the intricacies of training the ML models, shares the challenges encountered in adapting the models to different contexts, uncovers the secrets that differentiate SafeDNS from industry competitors, and shares SafeDNS’s plans.


Jurgen, could you briefly describe the role and responsibilities of the SafeDNS machine learning department?

Well, mainly our department is responsible for identifying website categories. The ML specialists focus on parsing and timely crawling these categories, processing third-party sources with thematic lists of domains, balancing and verifying records from all sources, and forming the final database assemblies. These assemblies serve as the foundation for our work and the solutions we provide to our clients.


Tell us about the way SafeDNS uses machine learning algorithms to improve the efficiency of web filtering.

SafeDNS employs various models to classify texts, creating a training dataset from manually tagged websites on specific topics. Mathematical models, such as binary classifiers and neural networks for different languages, are prepared to determine if a site corresponds to a given topic. Predictions are made with a certain probability, utilizing over 100 models to consistently assess sites. The final verdict is reached by aggregating this data, taking into account the trust level assigned to each data source. We use text models as well as models for image processing (specifically for identifying explicit content) and heuristics-based models for alternative site classification.


What kinds of challenges do you face in adapting ML models to different languages and regional contexts?

The main challenge lies in the small number of sites in a particular language available for training samples. Additionally, complexities arise with hieroglyphs, rare dialects, and when working with regions in Asia and Southern countries. To address these challenges, we utilize synthetic data and, in some cases, translate language models from more popular languages. Working with English is advantageous, as over half of the world’s internet content is in this language.

To understand site popularity and facilitate additional categorization in new regions, we analyze user logs.

Here I should add that the job takes us to the most hidden, sometimes darkest corners of the Internet. It is quite an adventure, really. Thanks to this, our solution is able to identify and categorize resources even in the rarest languages, which is definitely our advantage.


What metrics are used to evaluate the effectiveness of ML algorithms?

There is no surprise there. Key metrics include accuracy and error rate.


Clear. What about customer feedback? Does it play a role in improving algorithms?

Sure, we do rely on customer feedback to initiate timely retraining of models in case of expected degradation. As I said earlier, we are able to categorize websites in quite rare languages. Actually, our clients and their feedback help us a lot in terms of recategorizing those types of resources.


The trickiest question is coming. What sets SafeDNS apart from industry competitors?

I am calling it. Just kidding. First of all, SafeDNS is a company with 13 years of solid experience, a diverse client base that ensures comprehensive error correction, and trusted partners that provide us with domain list improvement.

Secondly, I would like to underline that our text models (currently we have more than 1000 of them) are trained on a huge number of different and complex resources, which means that we do not just look through the Wikipedia pages and that is it. Our crawlers, just like search engines, go through websites once a month and do so at high speed.

What else makes us different? Well, I guess, it is our unique database: it contains 2 billion URL records and includes 20% more phishing sites than other companies’ databases. The ones within the industry must know that URL categorization is way more complex to accomplish; you just cannot afford to have a smaller database.

Seems like I could go on forever answering this question, right? I just want to add one more thing: the fact that we use Passive DNS technology makes us able to track connections between domains from a historical perspective. For example, say you approached a random domain. We can see that a while ago there was a phishing site pointed to the same IP. The SafeDNS filtering will check that domain more often than the others and pessimize it since its reputation is obviously questionable.

And finally, if we speak about machine learning particularly, I should say that despite recent hype around this phenomenon, it is not a magic wand and requires human involvement. Even a classification accuracy of 99% in a database of 100 million records results in 1 million errors, which is a huge number. That is why we pay serious attention to the human factor. There is manual tagging and 24/7 top-notch technical support to handle error-related issues.


And last but not least, what are the plans for the near future?

We are planning to move towards a list of new categories, introducing more segmented topics. While we currently have 60+ categories, we aim to expand to 120+, allowing for better segmentation of domains and increased accuracy.


Thank you for your detailed answers! Good luck to us!


Surfing the Seas of Risk: Cybersecurity Challenges in the Insurance Industry

The insurance industry, a bedrock of financial stability, has been navigating turbulent waters as it faces an array of risks. Recent research conducted by PwC and CSFI from May to August 2023, known as the Insurance Banana Skins 2023 report, shed light on the pressing cyber risks and concerns affecting the insurance sector. This comprehensive research, based on 589 responses from 39 territories, presents a vivid picture of the challenges that insurance market practitioners and observers find most urgent, with cybercrime at the top of the list as a leading risk.

The Dominance of Cybercrime

Among the numerous risks identified, cybercrime stands out as the unrivaled leader. The report reveals that concerns related to potential data breaches, theft of sensitive data, phishing, and ransomware attacks have taken center stage. This not only mirrors the rise in claims for cyber incidents, but also highlights the vulnerability of insurance companies’ own systems to attacks. In 2023, themes such as the growing sophistication of criminals and government backing further intensified the gravity of the situation.

Sector and Region-Specific Concerns

Breaking down the results by sector provides quite interesting insights. The composite insurance sector identifies cybercrime as its primary concern, reflecting the pervasive fear of digital threats. Life and non-life insurance, as well as reinsurance, place cybercrime in the second position (right after climate change and regulations), acknowledging its significance. Brokers, while recognizing the threat, place cybercrime in the third position.

Geographical disparities also play a role in shaping the cyber risk landscape. For Europe and the Asia Pacific, cybercrime is the top “banana skin,” reflecting the global nature of digital threats. In contrast, for Africa and North America, cybercrime ranks as the second most pressing risk, highlighting regional nuances in the perceived severity of the threat.

A Growing Landscape of Vulnerability and Cyber Risks

The research conducted by PwC and CSFI indicates a rising concern among respondents that phishing and hacking attempts are ever-present. The ease with which criminals can monetize stolen data adds a layer of complexity to the challenge. The consequences of a data breach or a successful cyberattack extend beyond mere financial losses, as the theft of sensitive data, for instance, health insurance-related information, could have far-reaching consequences for both individual firms and the industry at large.

Reasons Why The Insurance Sector Is Targeted

In all honesty, who would be surprised that insurance companies are often attacked? Handling vast amounts of valuable personally identifiable information and sensitive data, these organizations become an attractive target for cybercriminals for several compelling reasons. Firstly, insurance companies store a wealth of personally identifiable information (PII) and financial data, making them a lucrative source for identity theft and financial fraud. The value of protected health information (PHI) within the healthcare insurance sector is particularly attractive for cybercriminals, as this data brings big profits on the dark net. Additionally, insurance companies hold critical data on assets, liabilities, and financial transactions, making them a prime target for those seeking insider information for financial gain.

Moreover, the interconnected nature of the insurance ecosystem, involving collaborations with various third-party vendors and partners, creates potential entry points for cyber threats. Attackers may exploit vulnerabilities in the supply chain, leveraging less secure partners as gateways to infiltrate the primary insurance company network. As the insurance sector embraces digital transformation and adopts technologies such as cloud computing and IoT devices, the attack surface widens, providing cybercriminals with more avenues for exploitation.

The nature of insurance operations, often involving large transactions and the transfer of significant funds, further increases the attractiveness of insurance companies as targets for cyber attacks.



Cybercriminals recognize the potential for substantial financial gains through ransomware attacks, more than 40% of which are carried out through phishing, where they encrypt critical data and demand hefty ransoms for its release.


Fragile Fortifications: The Alarming State of Cybersecurity in the Insurance Business

Unfortunately, despite the fact that insurance companies handle huge amounts of highly sensitive and valuable data, and their representatives consider cybercrime to be one of the most urgent risks, several studies highlight the fragile state of cybersecurity in the insurance industry. According to the Cyber Insurance Risk in 2022 report, nearly 20% of the top 99 insurance carriers have a high susceptibility to ransomware, while 82% of insurance firms are vulnerable to phishing attacks.


The Phishing by Industry Benchmarking 2023 report reveals that, for large organizations (with more than 1,000 employees), the insurance industry remains the most at-risk for the second consecutive year, with a phish-prone percentage of 53.2%, showing little improvement from 2022.



Additionally, according to the Insurance Banana Skins 2023 report mentioned above, the respondents, when asked to rate their preparedness for cyberattacks on a scale of 1 (poorly) to 5 (well), gave an average response of 3.20. This marks a decrease from 3.22 in 2021, signaling a slight decline in already low confidence in the industry’s ability to address the changing cyber threat landscape. The worry is palpable enough, with a sense that a successful cyberattack could jeopardize business continuity and lead to disastrous reputational consequences.

The Post-ChatGPT Era: A New Wave of Threats

The emergence of ChatGPT in November 2022 has ushered in a new era of challenges posed by cyber attackers. Historically, markets like Japan experienced fewer claims from phishing attacks due to the complexities fraudsters faced in translating attack emails. However, the deployment of large language models has transformed the cyber attack landscape, enabling the creation of more sophisticated phishing emails, analysis of code to find vulnerabilities and even the generation of malicious code. This shift underscores the need for increased vigilance, consistent measures, and innovative solutions in the face of evolving cyber threats.

To sum up, the insurance industry is at a critical juncture as it battles the ongoing onslaught of cyber threats. The Insurance Banana Skins 2023 report serves as a sharp reminder that cybercrime is not just a technical issue but a multifaceted challenge requiring an integrated approach. As the industry navigates these perilous waters, coordinated efforts towards strengthening cybersecurity, embracing advanced technologies, and developing a culture of resilience are imperative to protect the stability and trust that the insurance sector provides around the world.

