Vital Signs: Using DNS to Predict Adversary Moves in Healthcare

Give Threat Actors a Dose of Their Own Medicine

The medical community emphasizes preventative care to detect or prevent illness and serious diseases before they become critical. The same principle applies to defenders working to prevent ransomware, phishing, or the manipulation of prescriptions in electronic healthcare records (EHRs). Defenders who learn all they can about adversary infrastructure, including domains or IP addresses, can thwart an attack before it’s too late.

In this live presentation, Malachi Walker (Security Advisor at DomainTools) and Yelisey Bohuslavskiy (Chief Research Officer at RedSense) will equip the audience with context regarding the state of ransomware within the healthcare industry, along with discoveries and methodologies from the DomainTools research team in phishing, malware, and spam that impact information security professionals.

You’ll leave this discussion with an understanding of how: 

  • Domain spoofing research is working to prevent ransomware
  • Techniques such as analysis of passive DNS and domain registration records can support investigations 
  • DNS can be used to draw connections between malicious domains and predict moves by adversaries