IoT’s Rough Patch

According to a survey by PricewaterhouseCoopers, almost 70% of connected IoT devices lack fundamental security. According to analyst firm IDC, “the number of IoT devices will grow from approximately 6 billion in this decade to 28 billion in 2020 — a staggering number. The market for wearable smart devices alone is expected to increase at an average rate of 60% per year to $20 billion in 2017.”

In this third installment of Securolytics’ series on IoT device security, we look at a major issue with IoT devices, the software patching process. Or often, the lack thereof. Read more “IoT’s Rough Patch”

NXDOMAIN

NXDOMAIN is the return code when a DNS lookup fails to resolve the requested domain to an IP address. This can happen for many reasons. Usually, it is just a user mistyping an address– google.xom. However, if you search your logs for NXDOMAIN, and look at the domains for which DNS lookups failed, you may be surprised at what you find.

One interesting thing that may come up are requests to various random-looking “.onion” domains. Dot onion is not a valid, routable top-level domain, but it is used by Tor clients to route requests onto the Tor network. Seeing these requests in your DNS data indicates that a device either has a Tor client installed, or that there is some malicious software on a device that is trying to find a Tor entry point.

Either case calls for action, and locating the IP address associated with the “.onion” requests can help you track down the device in question. Search on the IP address, and in the first few records returned, you are likely to find a successful login event from Active Directory logs. This will give you the user of the implicated machine. Once you’ve located the device, it would be wise to do a full malware scan on it.

Securolytics will automatically scan DNS records for suspicious domain requests. Keep malware off your network, and keep your data safe with Securoltyics.