- cross-posted to:
- blueteamsec@infosec.pub
Key Findings
- Publicly rentable subdomain providers, also known as “Dynamic DNS providers,” can be benign, but they are also frequently exploited by threat actors who take advantage of lower-quality, temporary hosting arrangements.
- Services that rent these subdomains are increasingly used for malicious purposes, as they may circumvent regulations through lax registration and operational practices, and they often ignore takedown requests.
- Silent Push has created a set of data export reports that monitor more than 70,000 domains renting subdomains to help enterprise organizations more closely monitor and alert on, or block outright, connections to these hosts, based on their risk tolerance.
New research developed by Silent Push Threat Analysts has been compiled into a set of exclusive exports, enabling organizations to track approximately 70,000 domains that rent subdomains, also referred to as “Dynamic DNS” providers.
These types of web hosts can be of concern because they allow anyone—malicious or otherwise—to register subdomains and host their own content on them. Typically, DNS records are also automatically managed by the service that rents the subdomains, though this is not the case with all publicly rentable subdomains.
Our enterprise customers have exclusive access to the set of data exports designed to address threat actor usage of this type of infrastructure for hosting and launching attacks.
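As an added illustration (not part of the original post and not Silent Push code), the sketch below shows how a list of subdomain-renting domains could be applied to DNS query logs with a per-provider alert or block policy. The provider domains, the policy values and the log hostnames are constructed placeholders; the format of the actual exports is not described on this page.

```python
# Constructed sample data: placeholder provider domains mapped to the action
# an organization chose for them, plus a few DNS-log hostnames.
PROVIDERS = {"dyn-example.test": "block", "freehost.example": "alert"}
QUERIES = [
    "files.user1.dyn-example.test.",  # rented subdomain, fully qualified form
    "notdyn-example.test",            # look-alike that a naive endswith() would match
    "Blog.FreeHost.example",          # mixed case, as seen in some resolver logs
    "freehost.example",               # the provider's own apex, not a rented host
    "www.example.org",                # unrelated domain
]


def normalize(hostname):
    """Lowercase and drop the trailing root dot so comparisons are stable."""
    return hostname.strip().lower().rstrip(".")


def match_provider(hostname, providers):
    """Return the provider domain that hostname is a subdomain of, else None.

    Parent suffixes are compared label by label, longest first, so a match
    always falls on a label boundary. The hostname itself is skipped, which
    leaves the provider's apex out of the rented-subdomain results.
    """
    labels = normalize(hostname).split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if parent in providers:
            return parent
    return None


def triage(queries, providers):
    """Return (hostname, matched provider, action) for every logged query."""
    results = []
    for query in queries:
        parent = match_provider(query, providers)
        action = providers[parent] if parent else "allow"
        results.append((normalize(query), parent, action))
    return results


if __name__ == "__main__":
    for host, parent, action in triage(QUERIES, PROVIDERS):
        print(f"{action:5} {host} (provider: {parent})")
```

Matching on whole labels rather than raw string suffixes is what keeps `notdyn-example.test` from being treated as a subdomain of `dyn-example.test`.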

