
Quad9 as a Tool to Fight Business Email Compromise

2018-04-10

Business Email Compromise or BEC is not a new cybersecurity attack vector, but it is gaining more attention as it is becoming more common. The basic idea is that a scammer or con-artist uses deception to pretend to be a high-level official of an organization in order to compromise that organization or to otherwise profit. It is a particularly insidious social engineering attack.

Most BEC attacks revolve around theft: the perpetrator pretends to be someone authorized to send or receive funds from the company. The US FBI's Internet Crime Complaint Center (IC3) has an excellent press release with attack types, examples, and response suggestions. It is worth reading. Trend Micro has categorized attack methods and has a good story on its website's cybersecurity section.

The attacker usually begins with a targeted phishing attack on the company followed by a spearphishing attack on the CEO, CFO, or someone else authorized to send money to the attacker.

It seems unlikely that phishing will ever be curtailed. I think it is a tool attackers will at least use for some time because there are always gullible or uninformed users who will click on links that conceal attack vectors. Wouldn't it be useful if there were some way to protect individuals and organizations when those links are clicked?

Because BEC and many other attacks often begin with an email or website containing deceptive links, the Global Cyber Alliance has developed Quad9, a tool to help address that. The Alliance was founded by The City of London Police, the District Attorney's office of New York County, and the Center for Internet Security. You can find more about them at https://www.globalcyberalliance.org/about.html. An important collaborator on Quad9 is IBM.

According to the Alliance, "Quad9 is a free security solution that uses DNS to protect your system against the most common cyber threats. It improves your system's performance, plus, it preserves and protects your privacy. It's like an immunization for your computer." The idea is that the DNS server at 9.9.9.9 is configured to reject name resolution requests for domains that are known or suspected to be malicious, answering them with the NXDOMAIN ("nonexistent domain") response code. Quad9 uses databases from "18+" organizations to determine what sites to block.

It is easy to configure Quad9: a network administrator just needs to replace the default IPv4 DNS address with 9.9.9.9. The backup you can use for a secondary server is 149.112.112.112. For IPv6 you can use 2620:fe::fe. As of this writing, they claim to block around two million requests per day. There is no guarantee that all of those were genuine attacks, but I believe it is making a significant dent in visits to potentially malicious sites already. If you are interested in the speed of resolution with Quad9, hackernoon.com reported the results of some testing in December 2017.

I checked an internet database of "suspected" malicious domains and picked a couple. I tried each using Google's public DNS of 8.8.8.8 and Quad9's 9.9.9.9. In both cases, the Google server resolved the names (to the addresses reported in the database I checked) and Quad9 showed "nonexistent domain".
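The same two-resolver comparison can be scripted. The following is an added example, not code from the original post: it sends one A-record query to each resolver and compares the response codes. The function names are hypothetical, and `example.com` is a placeholder for the name under test.

```python
import secrets, socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Encode a minimal DNS A/IN query (RFC 1035) with the RD flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(resp, qid):
    """Return (rcode name, answer count); reject replies that do not match."""
    if len(resp) < 12:
        raise ValueError("short DNS response")
    rid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit not set
        raise ValueError("not a response to our query")
    return RCODES.get(flags & 0xF, str(flags & 0xF)), answers

def ask(server, name, timeout=3.0):
    """Send one UDP query to the server on port 53 (needs network access)."""
    qid = secrets.randbelow(1 << 16)  # unpredictable query ID
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))  # only accept datagrams from this resolver
        s.send(build_query(name, qid))
        return parse_header(s.recv(512), qid)

def classify(reference, filtered):
    """Compare (rcode, answers) from an unfiltered resolver and from Quad9."""
    if reference[0] == "NOERROR" and reference[1] > 0 and filtered[0] == "NXDOMAIN":
        return "blocked-by-filter"   # resolves elsewhere, Quad9 says nonexistent
    if reference[0] == filtered[0] == "NXDOMAIN":
        return "nonexistent"         # the name does not exist anywhere
    if reference[0] == filtered[0] == "NOERROR":
        return "resolves-on-both"    # Quad9 is not filtering this name
    return "inconclusive"            # SERVFAIL, REFUSED, empty answer, ...

if __name__ == "__main__":
    name = "example.com"  # placeholder; substitute the name under test
    print(name, classify(ask("8.8.8.8", name), ask("9.9.9.9", name)))
```

Run it from a host whose outbound port 53 is not intercepted by a local forwarder, otherwise both queries may be answered by the same upstream.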

I am configuring the DNS server for my office to Quad9, and I suggest you consider doing so also.

AUTHOR: John McDermott

John McDermott, CPLP, started his work in computer security in 1981 when he caught an intruder in a system he was managing. In recent years his consulting has included security consulting for small businesses. He is Security+ and CCP certified. In his 30 years with Learning Tree John has written and taught courses in programming, networking and computer security. He is the co-author of Learning Tree’s course System and Network Security: A Comprehensive Introduction. John is currently a learning and development consultant in northern New Mexico. He lives in a house made of earth with his wife, who is an artist.