Heimdal Security

Keep malware away from your computer

Introducing Heimdal Security

We are now in the era of ransomware, and cybersecurity has become a much more widespread concern. The problem, though, is that talking about cybersecurity and the threats that are out there is not going to make them go away. The threats remain as the hacking world continues to grow and evolve. Through Heimdal Security, stem.net has an answer to these threats.

Please watch the short video on the right to see what Heimdal is and how it works!

For the less ‘techy’ among us… What is DNS?

DNS is an abbreviation for ‘domain name system’ and defines the relationship between domain names and IP addresses. When you attempt to access a particular web address, the DNS translates the domain name you type in (part of the URL) into an IP address, enabling you to access the corresponding site. This translation happens in the blink of an eye and is not visible to the user (it’s much easier to remember google.com than its IP address!). Essentially, the DNS is a satnav that guides the URL request down a variety of roads through the internet and brings you to your end location. It also acts as a server that analyses your requests to view websites or to download media.

By default, Windows is set to obtain a DNS server address automatically. However, your DNS can also be set manually to a server provided by your internet service provider, Google Public DNS or a cyber security solution. You can check your DNS settings under network connections in your control panel.

So why is it so important for the DNS to be kept safe?

According to ‘Infosecurity Magazine’, in 2016, nearly 20% of UK businesses experienced some form of DNS attack – a much higher statistic when compared with any other country in the world, including the hacking hotspot of America. Basically, a disproportionately large percentage of UK businesses have had their DNS compromised and have suffered financial and operational losses as a result. This suggests that the UK is more susceptible to DNS attacks than anywhere else in the world.

Taking control of someone’s DNS enables a hacker to abuse the way in which your browser communicates with the World Wide Web and would, therefore, allow them to infect your system and extract data from it upon request. For example, cybercriminals would be able to send you to a copy of your online banking website and collect your online banking details as you enter them. Antivirus software would be of no use in a scenario such as this because it only has the ability to scan your files and system behaviour, not internet traffic (this is where an additional layer such as Heimdal Security comes into play).

According to the Heimdal Security geeky team, it is advantageous for a hacker to target DNS services for a variety of reasons:

  • It’s stealthy and difficult to detect
  • It avoids detection by antivirus products, which rely exclusively on signatures
  • It opens up compromised systems to a huge array of attack vectors
  • It gives attackers a direct channel to feed the system with malware – a recent report from Cisco states 91.3% of ransomware attacks happen via DNS level dial backs.
  • It provides a way to use a combination of attack methods that can use the system for DDoS attacks and other malware-spreading campaigns.

How can a DNS be compromised?

A hacker can attack a DNS in one of two ways: DNS cache poisoning or DNS hijacking.

DNS Cache Poisoning (or spoofing) is where the domain name translation process is corrupted and the cache stored by a DNS is poisoned by an insertion of corrupt data. This attack causes the DNS to return false IP addresses and enables the hacker to strategically redirect all internet traffic to sites that automatically download malware to your PC. If the DNS server is used across multiple machines, e.g. one provided by an ISP, then all machines will be affected and their internet traffic will be diverted towards the hacker’s chosen sites. DNS cache poisoning is very difficult to detect and can easily slip past any antivirus product installed.

Another form of attack is DNS Hijacking, where a Trojan changes the DNS settings from the automatic default to manual values, enabling the hacker to re-route all requests to a new, rogue DNS server. Therefore, all traffic requests that are made will go to malicious IP addresses. This form of attack often involves an additional stage whereby the affected machines can be enrolled into a botnet that enables full control over the system.

Both of these forms of attack can be described as ‘broker attacks’ in that the hacker is able to slip in between the victim’s machine and their internet access.
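A defender's check for the DNS hijacking case described above, as an added example that is not part of the original page and is not Heimdal's code: it parses the output of `ipconfig /all` and reports any DNS server that is not on an approved list. The sample output, the approved list and the function names are assumptions constructed for illustration, and the parser expects English-language Windows output.

```python
import ipaddress

# Constructed sample of English-language `ipconfig /all` output (not from the page).
SAMPLE = """\
Ethernet adapter Ethernet:

   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
"""

# Assumption: the resolvers this network is meant to use.
APPROVED = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

def _as_ip(text):
    """Return the normalised address, or None if text is not an IP address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers_by_adapter(output):
    """Map adapter name -> DNS servers, following continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # adapter heading
            adapters[current] = []
        elif current and " : " in line:                    # "Label . . . : value"
            label, value = line.split(" : ", 1)
            in_dns = label.strip(" .") == "DNS Servers"
            if in_dns and _as_ip(value):
                adapters[current].append(_as_ip(value))
        elif current and in_dns and _as_ip(line):          # further DNS server
            adapters[current].append(_as_ip(line))
    return adapters

def unexpected_resolvers(output, approved=APPROVED):
    """Return {adapter: [servers]} for resolvers not on the approved list."""
    found = dns_servers_by_adapter(output)
    flagged = {a: [s for s in srv if s not in approved] for a, srv in found.items()}
    return {a: rogue for a, rogue in flagged.items() if rogue}

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE))
```

On a real machine, pass the captured text of `ipconfig /all` to `unexpected_resolvers` and compare the result against the resolvers your network is supposed to hand out.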

How and why Heimdal protects your DNS:

Heimdal users benefit from the bespoke and dedicated DNS service built by the in-house team that filters all internet traffic through the intelligence database. This is essentially a dynamic history book of all known malicious sites that keeps you safe from the following:

  • phishing and pharming websites
  • malvertising
  • websites that have malicious code injected
  • traffic redirects
  • malicious downloads
  • exploit kits
  • data leakage
  • malware-laden traffic that tries to drop ransomware and other threats

Automated Software Updates

Save time and enhance your security with Heimdal automated software updates. Not many people know this, but updating software blocks up to 85% of web attack angles. We know updates are a hassle, but Heimdal can fix that.

The software manager in Heimdal installs updates automatically and without interrupting your work (or fun). It can also install new software for you, fast and safely.

When your security-critical applications are up to date, you close security holes that cyber criminals exploit in their attacks. Sounds simple? It is. And effective too!

Why have Heimdal and Anti-Virus / Anti-Malware Software?

Heimdal works with the vast majority of antivirus programs as there are no overlapping functions. Heimdal provides an extra layer of security that you do not get from your antivirus, thus complementing its features with a proactive defense behavior.

What should you do now?

Do you want to keep your business safe?

Use the form on the right to get in touch with stem.net and talk to an expert.