It Is Always DNS, SUNBURST Confirms

  • Tuesday, 25 May 2021 3:30PM EDT (25 May 2021 19:30 UTC)
  • Speakers: Deb Radcliff, Tanner Payne

Workforce DNS usage grew by 250% during the pandemic, making DNS a choice pathway for attackers to hide in. SUNBURST, an advanced and sophisticated supply chain attack that exposed 18,000 unsuspecting companies, used innovative ways to exploit DNS. How can you ensure that your security stack will catch the next attack hiding in DNS?

In this webcast, author and analyst Deb Radcliff sits down with ExtraHop network security expert Tanner Payne to discuss ExtraHop research insights and her recently published white paper, SolarWinds SUNBURST DNS Abuse Tactics. The talk will include DNS exploit detection demos and cover:

  • Novel ways SUNBURST exploited DNS.
  • How it used malicious DLLs that looked like they belonged to SolarWinds and encoded unique identifiers into the DNS queries to identify high-value targets.
  • Why traditional security missed it and why network detection and response (NDR) can catch the next one.

