Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.
What does DNS activity look like surrounding the REvil/Sodinokibi ransomware threat?
Earlier this year, in a blog series about threat trends in DNS security, Cisco Security looked at the REvil ransomware, also known as Sodinokibi or Sodin. It noted that the ransomware compromised far more endpoints than Ryuk but generated far less DNS communication. When revisiting these metrics, however, Cisco Security researchers noticed that this changed at the beginning of 2021. Looking at the data over an 18-month span, with each month compared against the overall averages, the number of endpoints didn't rise dramatically in 2021, but the amount of DNS activity did. In fact, the one noticeable drop in endpoints, in December, appears to coincide with the beginning of a dramatic rise in DNS activity.
Read the full blog post to learn more.