Why Cybersecurity Awareness Training Matters:

1. Embracing the Changing Threat Landscape:

As technology advances, so do the tactics employed by cybercriminals. Cybersecurity awareness training offers individuals and organizations an opportunity to stay ahead of the curve by staying informed about the latest threat landscape. By understanding emerging threats and attack vectors, participants can adapt their defenses and effectively mitigate potential risks.

2. Safeguarding Valuable Data Assets:

Data has become a currency of the digital age, making it a prime target for cybercriminals. Cybersecurity awareness training equips individuals with the tools to protect their personal and organizational data. By adopting best practices in areas like password hygiene, email security, and safe browsing habits, participants can safeguard their valuable information from unauthorized access or breaches.

3. Strengthening the Human Firewall:

While technological solutions play a crucial role in cybersecurity, human behavior remains a critical factor. Cybersecurity awareness training helps individuals develop a security-conscious mindset and empowers them to act as the first line of defense. By recognizing and avoiding social engineering techniques like phishing, individuals can prevent attackers from infiltrating their networks.

4. Fortifying the Digital Perimeter:

With the increasing prevalence of remote work and interconnected devices, the digital perimeter has expanded beyond traditional boundaries. Cybersecurity awareness training addresses challenges like securing Wi-Fi networks and managing Bring Your Own Device (BYOD) policies. By understanding and implementing best practices, individuals can establish robust defenses and minimize potential vulnerabilities.

SafeDNS: Empowering Digital Resilience:

SafeDNS understands the transformative impact of cybersecurity awareness training in today’s ever-evolving threat landscape. Our comprehensive training program empowers individuals and organizations to embrace their digital resilience. Covering critical areas such as password hygiene, email security, malware awareness, Wi-Fi security, BYOD security, and ongoing awareness and reporting, our training equips participants with actionable knowledge and practical strategies.

Through engaging modules, real-life examples, and interactive exercises, SafeDNS fosters a culture of continuous learning and preparedness. We emphasize the importance of staying informed about emerging threats and provide participants with the tools to adapt their defenses accordingly. Upon successful completion of the training, SafeDNS recognizes participants’ dedication and commitment with certificates of completion, enhancing their professional credentials.

Learn more about SafeDNS’s cybersecurity awareness training and start your journey towards a more secure digital future.

Embrace the power of cybersecurity awareness training with SafeDNS and unleash your digital resilience today!

We strive to make our service reliable and high-quality. The SafeDNS machine learning department employs various machine learning algorithms to verify and categorize domains. To ensure stable and high-quality filtering, we employ different approaches and utilize our own and third-party databases.

In this article, we will discuss the basic methods of threat detection, that allow us to handle the majority of cyber threats.

Detecting a domain that is not in our database with artificial intelligence

When you click on a link that is not in our database, our system launches a series of machine learning models for checks.

If we have not encountered the existing domain before, the user will be redirected to a blockpage and the domain itself will be “quarantined” until it is assigned a category. The page content is then scanned.

Based on this scan and a series of additional checks, the website is assigned a specific category. On the SafeDNS website, you can verify a link before clicking on it.

When the category is known, the system acts according to established rules, either blocking access or allowing the user to visit the website.

Parked Domains

A parked domain is a domain that is listed for sale. This means that the webpage associated with it either has minimal or no content because it is, for example, under development or will soon be transferred to another owner.

In addition to cross-checking other sources, the ML department monitors the NS (Name Server) addresses of most registrars. Parked domains are often gathered on separate NS servers, and we have the addresses of most of these servers. During domain analysis we look at where it is resolved, and if it is resolved to a dedicated NS server for parked domains, we assume it is a parked domain and assign it a corresponding category.

The threat posed by parked domains is that they can be acquired by malicious actors at any time and used to distribute malware or control botnets. Therefore, they should always be closely monitored.

Our algorithm regularly checks parked domains for content. If malicious content is detected on a website, it will immediately be categorized accordingly and blocked upon attempted access. The website can be assigned any other category based on its content.

Phishing

Phishing is a form of fraud in which a malicious actor attempts to obtain confidential information, such as login credentials or account data, by impersonating a reputable person or entity through email or other communication channels. According to the Forbes phishing is one of the most prevalent types of cybercrimes with over 500 million phishing attacks reported in 2022. For perspective, that’s over double the number of reported attacks in 2021.

The messages may appear similar to the ones you have received before. It could be an email from a bank, a ticket aggregator, or a notification from a social network. The message contains malware designed to infiltrate the user’s computer or a link to malicious websites to deceive and obtain account or credit card information.

Phishing is popular among attackers because it is easier to deceive someone into clicking on a malicious link that appears genuine than to try to breach computer security systems. Attackers disguise their messages to resemble content from various companies using logos and slightly altered phishing links that may differ from the original by just one letter. For example, “gogle.com” or “facebook.me.” Knowing that users may already be suspicious of such links, the malicious link may be embedded in a button, making the actual address invisible at first glance. However, in such cases the malicious resource will still be blocked. If you are reluctant to click on a link, you can copy the link address and verify it using our verification service.

Phishing links can be detected using ai and machine learning methods and natural language processing. The first step is to check for typosquatting.

There are known methods for creating phishing domain names that resemble legitimate ones but are actually different. This is called typosquatting. Typosquatting occurs when fraudsters intentionally use typos or similar characters to create domain names that look almost identical to the genuine ones.

Some typosquatting techniques include skipping, repeating, adding, or rearranging characters in the domain name. They may also substitute characters with visually similar but distinct characters or use characters located near each other on the keyboard.

To detect typosquatting-based phishing domain names, analysis of the web address and domain name is conducted. Specific patterns characteristic of fraudulent web addresses are sought. This approach allows for quick domain name checks without the need to load the content of the web page.

As a baseline method for detection, we use the Levenshtein distance. It is more likely for scammers to impersonate a domain associated with a well-known brand rather than a niche company. We take a comparison base of the top most popular domains, totaling around a million. We use a metric that measures the absolute difference between two character sequences. It is defined as the minimum number of single-character operations required to transform one character sequence into another.

We establish a threshold value for this distance. Then, we analyze the incoming domain name by calculating the distance to the original names. The smaller the distance, the more similar the domains are, indicating a higher likelihood of phishing.

In the example of Facebook.com and Facebok.com, the Levenshtein distance is 1. In comparison to the original, it would be 0.

The second stage involves checking other indicators such as domain age, external sources, content analysis, and more. When a combination of factors suggests the site is a phishing one, it is categorized accordingly, and the user will see a blockpage when attempting to access it. Knowing that a specific domain name belongs to the phishing category, all pages of that site will also be blocked.

Ransomware

Ransomware (or a ransomware program) is a type of malware that prevents or restricts users’ access to their system by either blocking the system screen or blocking users’ files until a ransom is paid. As in the case of phishing, when using our service, the user will not be able to click on the link where the ransomware program is located if this site is in our categorization database. It should be noted that attacks using ransomware can be large-scale. If the company and ransom amount are big, the attackers will carefully prepare for the attack taking into account the specifics of the security systems of said company. This is why we strongly recommend applying a set of cybersecurity measured and regularly conducting trainings with employees.

We need to mention that the volume of ransomware attacks dropped 23% in 2022 compared to the previous year. However, the nature of the attacks has changed and they have become more effective.

Botnets

A botnet is a network of compromised computers infected with malicious software. Cybercriminals use botnet networks consisting of a large number of devices for various malicious activities without the users’ knowledge.

Here’s how our system works in dealing with botnets:

• We analyze user traffic and look for requests to known botnets.
• If connections to command-and-control servers or infected nodes are detected, we consider the traffic from that user/device suspicious.
• We identify unknown domains in the traffic, which also fall under suspicion by default.
• The remaining domains are categorized as botnets, and attempts to access such websites are blocked.

In addition, SafeDNS monitors the volume of requests from users. If we observe sudden spikes in network traffic, network administrators will receive notifications about suspicious traffic growth.

In Q1 2023, attacks witnessed a significant 47% surge compared to the same period in the previous year. This rise was accompanied by a shift towards botnet utilization and an increasing prevalence of smokescreening techniques to conceal multi-vector incidents. Notably, the use of attacks as decoys rose by 28% in comparison to Q1 2022.

DGA

DGA stands for Domain Generation Algorithms. These are algorithms found in various families of malicious software that are used to periodically generate a large number of domain names that can be used as rendezvous points with their command and control servers.

SafeDNS also tracks this category. The detection process is somewhat similar to typosquatting detection. We analyze the domain name by breaking it down into n-grams and compare how closely they match the pool of n-grams from known valid and “white” sites. We also use a range of other parameters for verification. In all cases, the age of the domain plays an important role in our assessment and trust in it.

In this category, there is a risk of blocking technical domains because their names are often generated randomly. To avoid this situation, we additionally check the content on the page before assigning it to a specific category. The age of the created domain is also taken into account. The younger it is, the higher the likelihood that it is a DGA-generated domain.

Cryptojacking

Сryptojacking is a type of cybercrime where a criminal secretly uses a victim’s computing power to generate cryptocurrency. Over the past years, there has been a sharp increase in cryptojacking cases. In the SonicWall Cyber Threat Report for 2023, researchers from SonicWall Capture Labs reported a 43% increase in cryptojacking attempts compared to the previous year, 2022.

Cryptojacking can remain unnoticed for a long time, as it often targets IoT devices, many of which are easily compromised due to the use of unprotected public networks.

If traffic to cryptojacking-related domains is detected, such traffic is blocked, and all unfamiliar domains are added to the database for verification.

Conclusion

All the threats described above as a rule exhibit fairly typical patterns of cyber attacks. For more targeted threats, we have the Passive DNS service, which helps cybersecurity specialists draw conclusions about potential threats.

We store and gather a history of domain changes, as well as the information about the IP address a particular domain belongs to, along with other relevant information. Based on this, we establish connections between nodes in the global network.

When a new domain enters our database, we compare its registered IP address, connections, and patterns with those in our database. If we see that the IP address has already been compromised (associated with or previously owned malicious domains), all other domains from that IP will be added to the “suspicious” website database and checked for malicious content.

Passive DNS historical data also enables security teams to identify patterns of malicious activity, detect phishing attacks, and other targeted threats.

Passive DNS helps identify patterns and enables predictive analysis for attack detection. At first glance, you can discover useful information about a domain. For example, you can view the date of the A record modification and identify changes in the A record.

The domain database is enriched from several dozen external sources, with cross-checks of data. The database is also replenished from daily user traffic. We constantly seek new sources of information in the field of child protection and cybersecurity and actively collaborate with data scientists, government regulators, safe internet associations, and technology companies.

It is worth mentioning that we actively collaborate with government organizations in the field of child protection. We implement lists from IWF (UK), BPjM (Germany), ARAHNID (Canada), CTIRU, as well as data from over 100 private and government organizations. We help companies comply with legal requirements and regulations.

The use of DNS filtering is recommended by the CISA. It serves as the first and effective layer of protection for your company’s network against malicious resources. Using DNS filtering in addition to other cybersecurity solutions significantly reduces the risks of data leaks and cyberattacks.

Ransomware attacks are becoming increasingly prevalent, posing severe threats to individuals and businesses. Safeguard your organization from these malicious attacks with the TLP:CLEAR guide, a comprehensive resource that offers practical information on how to prepare for, prevent, and mitigate the impact of ransomware.

The TLP:CLEAR guide presents a concise yet thorough approach to combatting ransomware attacks. It emphasizes the importance of proactive measures such as implementing Protective Domain Name System (DNS) services and sandboxed browsers to mitigate risks associated with web browsing and malicious internet activity. By leveraging these solutions, organizations can effectively protect themselves against the dangers of browsing the internet.

As cybersecurity experts, we wholeheartedly endorse the recommendations outlined in the TLP:CLEAR guide. Notably, the guide highlights the significance of web filtering as a crucial component of a company’s cybersecurity posture.

Web filtering is a fundamental element of a comprehensive cybersecurity strategy, providing organizations with a proactive defense mechanism against a wide range of threats. By implementing robust web filtering solutions, companies can exercise control over the content their employees can access, effectively blocking potentially malicious or harmful websites.

In our discussions on cybersecurity, we consistently emphasize the importance of web filtering. It is reassuring to see that the experts behind the TLP:CLEAR guide also recognize the value of this essential security measure. Their endorsement of web filtering further validates our stance and reinforces the critical role it plays in safeguarding organizations against cyber threats.

The TLP:CLEAR guide equips organizations with actionable steps to enhance their cybersecurity posture and mitigate the risks associated with ransomware attacks. We strongly recommend following the comprehensive checklist provided in the guide, which covers the implementation of Protective DNS, adherence to cybersecurity best practices, and continuous employee training. Proactively implementing these measures significantly reduces susceptibility to ransomware attacks and effectively safeguards digital assets.

Recently, renowned researchers from Tel-Aviv University and Reichman University conducted a groundbreaking study on DNS resolvers and distributed denial-of-service (DDoS) attacks. Their research uncovered a severe complexity attack called NRDelegationAttack, which poses a significant threat to DNS resolvers. This attack can exhaust CPU resources and cause denial of service to legitimate users.

The study identified major resolver implementations, including BIND9, Unbound, and Knot, as vulnerable to NRDelegationAttack. The researchers issued three common vulnerabilities and exposures (CVEs) related to this attack. Testing on 16 open resolvers confirmed their susceptibility.

SafeDNS stands out as the web filtering solution with the most sustainable infrastructure, as confirmed by the provided data. In comparison to other major DNS resolvers, SafeDNS demonstrates exceptional performance in maintaining low latency and minimizing latency increase percentages.

According to the test results, SafeDNS exhibits remarkable consistency, with a mere 4.65% increase in latency from the first NXNS Attacker. This outstanding performance significantly outperforms many other resolvers, ensuring users experience minimal delays and enjoy a seamless browsing experience.

Moreover, when facing the NRDelegationAttack Attacker, SafeDNS experienced an increase of 5812.8% in latency, surpassing the performance of several other DNS resolvers. Notably, some of the other resolvers encountered ClientTimeout errors in response to the NRDelegationAttack Attacker, highlighting the robustness and reliability of SafeDNS.

These results underscore SafeDNS’s commitment to providing a sustainable infrastructure that delivers exceptional performance, security, and stability. Users can rely on SafeDNS to navigate the internet securely and efficiently, while experiencing minimal latency and maintaining a seamless browsing experience.

To learn more about this groundbreaking research, including detailed analysis and findings, please refer to the full research article.

Start using SafeDNS for free

Take advantage of the SafeDNS trial period and try all the best features

The Myth: DNS Servers and Improved Ping

When it comes to gaming, some individuals believe that by using specific DNS servers, they can significantly reduce latency and enhance their gaming performance. The idea behind this belief is that connecting to nearby or faster DNS servers will result in quicker resolution times, leading to improved connection speeds and reduced ping during gameplay. However, this assumption oversimplifies the complexity of network performance.

The Reality: Minimal Impact on Ping

While it may seem logical that connecting to optimized DNS servers would lead to improved gaming performance, the reality is that DNS resolution has limited impact on reducing ping or enhancing overall gaming latency. In most cases, the time it takes to resolve DNS queries is minimal compared to other factors influencing latency, such as the speed and quality of your internet connection, server distance, and network congestion.

To put it simply, even if you were to connect to the fastest DNS servers available, the improvements in ping would be marginal, if noticeable at all. The primary focus should be on addressing the factors that have a more significant impact on gaming performance.

Alternative Solutions for Enhanced Gaming Experience

To optimize your gaming experience, consider the following alternative strategies that have a more substantial impact on reducing latency and improving overall performance:

1. Internet Speed and Quality:

Start by checking the speed and quality of your internet connection provided by your ISP. Ensure that you are subscribed to a plan that offers sufficient bandwidth and low latency for gaming. If necessary, consider upgrading to a higher-speed plan or exploring alternative internet service providers in your area.

2.  Network Optimization:

Optimize your network settings for gaming to reduce latency and improve stability. Here are a few steps you can take:

• Utilize a wired connection instead of relying on Wi-Fi, as wired connections tend to offer lower latency and better stability.
• Close bandwidth-intensive applications or downloads running in the background, as these can hog network resources and negatively impact your gaming experience.
• Configure your router for gaming traffic, which may involve enabling Quality of Service (QoS) settings or prioritizing gaming traffic over other types of network traffic.

By implementing these alternative solutions, you can make significant improvements to your gaming experience without relying solely on specific DNS servers.

While the myth persists that using specific DNS servers can dramatically improve gaming performance, the reality is that DNS resolution has limited impact on reducing ping or overall gaming latency. Instead, prioritize factors such as internet speed and quality, as well as network optimization, to enhance your gaming experience. By focusing on these essential aspects, you can effectively optimize your gaming setup and enjoy a smoother and more enjoyable gaming experience.

How does it work?

SafeDNS User Administration allows you to create sub-accounts, namely Administrators and Auditors, to manage your primary account efficiently and securely. Administrators have their own unique login and password and possess all the permissions of the main account, except for the ability to create additional Administrators. Auditors also have their own login and password but are limited to accessing the Stats page only. They can view logs and statistics but cannot modify any settings on the dashboard. 

Note: Please be aware that Administrators and Auditors are intended for use with the Dashboard interface only and are not compatible with the SafeDNS Agent application.

Why is it important?

Enhanced Security: User Administration enhances security by granting specific access privileges to sub-accounts. With well-defined roles and permissions, you can reduce the risk of unauthorized access and potential data breaches. Implementing the principle of least privilege ensures that users only have access to the resources necessary for their tasks, strengthening overall security.

Efficient Account Management: Delegating account management tasks to Administrators allows for more efficient user onboarding, offboarding, and ongoing management. Administrators can quickly provision new accounts, adjust permissions, and remove access when necessary. This streamlines administrative processes and password management, leading to improved productivity and reduced administrative overhead.

Accountability and Compliance: User Administration contributes to accountability within your organization. By tracking all account actions, the comprehensive logging system provides a clear record of user activities, changes made, and the responsible sub-account. This level of accountability is crucial for regulatory compliance, internal auditing, and forensic investigations.

What are the logs for?

SafeDNS also provides a comprehensive logging system that captures and stores important user actions within the dashboard. The logs include details such as login/logout events, configuration changes made by the main administrator, sub-administrators, and auditors. These logs track activities such as enabling/disabling features, adding/removing entries in Allow/Deny lists, and more.

Additionally, we have created a helpful video tutorial that provides detailed instructions on how to set up the User Administration feature. This video will guide you through the process, ensuring a seamless implementation of sub-accounts for efficient account management. You can find it here.

SafeDNS User Administration and logging features offer a robust solution for effective account management and enhanced security. By delegating responsibilities through sub-accounts and leveraging detailed logging capabilities, organizations can streamline operations, maintain accountability, and ensure compliance. Explore the power of User Administration and logging with SafeDNS to fortify your network’s security and efficiency.

We are delighted to share the news of our remarkable achievements in 2023 with Capterra. We are proud to have received multiple awards, including recognition in two categories this year: Emerging Favorite in Endpoint Protection and Cloud Security.

SafeDNS has been highlighted as a highly-rated product in the  Cloud Security Software category of Software Advice’s FrontRunner Report 2023.

We have also earned a spot in the Capterra Shortlist for endpoint protection.

Here’s our placement in the Grid report:

We are grateful to our clients for making this achievement possible! We have received exceptional reviews on Software Advice:

“Very easy to install and integrate. The service allowed for more flexible options – such as a longer whitelist of websites – as well as less complicated than Cisco Umbrella.” [Edward]

“Safedns does a great job of making DNS based administration quick and easy. Safedns also does a great job of allowing administrators to define a list of allowed sites and deny everything else. Some of the big players in this space surprisingly don’t have this functionality.” [Troy]

This award recognizes exceptional companies and products with a significant amount of recent favorable user reviews that puts them in the top tenth percentile of highly reviewed products on SourceForge.

At SafeDNS, we are committed to providing our customers with the best web filtering solutions that keep them and their businesses safe online. Our cloud-based platform offers comprehensive protection against malicious websites, phishing, and other online threats, while also allowing users to customize their browsing experience based on their unique needs.

Great support and very effective system. Easy to setup for a multi-site company with many simple to use features and good written support materials. [Leonides Daniel C.]

We would like to thank all of our customers who took the time to share their positive experiences with SafeDNS on SourceForge. Your feedback and support are what drive us to continuously improve our products and services.

How Does DNS Blocking Work?

Well, when a user types a website’s URL into their web browser, the request is sent to a DNS server to resolve the domain name into an IP address. DNS blocking works by intercepting this request and checking the domain name against a predefined blocklist or denylist. If the domain name is found on the blocklist, the DNS server responds with a blocked message instead of the IP address, preventing the user from accessing the website.

What Happens if a Website is on Both the Allow and Denylist?

It’s important to note that if a website is on the denylist, it cannot be added to the Allowlist, and vice versa. This is because the two lists work in opposite directions, with one blocking access and the other allowing it. Additionally, if a website you are trying to add to either list is already blocked by an AppBlocker, you will receive an error message. In this case, you will need to remove the site from the AppBlocker’s blocklist before adding it to the desired list.

How to Check if a Website is Blocked?

If you’re unsure whether a website is blocked, there is a way to check it by using the nslookup command in the command prompt. If the website is blocked, nslookup will respond with the IP address of the block page. On the other hand, if the website is not blocked, nslookup will respond with the actual IP address of the website. For more detailed instructions, check out our article.

However, keep in mind that it may take 5-7 minutes for the DNS cache to update and the blocking to take effect.

In conclusion, DNS blocking is an effective way to protect your network and users from online threats. By blocking specific domain names, you can prevent access to malicious websites, adult content, and other unwanted online resources. And with the right configuration, you can ensure that your users have access to the websites they need while blocking those they don’t.