Alina POS Malware and The Importance of DNS Security

The discovery of Alina Point of Sale (POS) malware has highlighted the need for networks to protect themselves at the DNS level

A new DNS-based threat has emerged. The Alina Point of Sale malware infects clients, captures credit card information and exfiltrates that stolen information using a DNS tunnel. This malware highlights the need for a secured DNS. As Black Lotus Labs points out, “DNS is often left available, and too commonly goes unmonitored. This makes DNS an attractive choice for outbound communication in POS malware, including the exfiltrating of stolen credit card information”. Without securing the DNS, you leave yourself wide open to attack.

How DNS tunneling can be used for data exfiltration

Fortunately, Secure64 DNS TunnelGuard specifically protects against this sort of data exfiltration. TunnelGuard is part of a family of DNS-based security services that protect the network and its users. DNS TunnelGuard is an on-box security service that uses sophisticated and proprietary technology to detect and automatically block the most common DNS tunnels, such as those from Alina POS, with a high degree of accuracy and minimal impact on DNS performance. TunnelGuard analyzes and detects tunnels on the DNS Cache server itself, resulting in much faster detection and blocking tunnels before they have a chance to cause harm.
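TunnelGuard's detection method is proprietary, so the following is an added illustration of a generic resolver-side heuristic, not Secure64's implementation and not code from the original post: it groups queries by client and base domain and flags groups with many unique, long, high-entropy subdomains. The log format, thresholds, domain names and function names are assumptions, and the sample log is constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def make_sample_log():
    """Constructed (client_ip, query_name) resolver log; not real traffic."""
    log = [("10.0.0.5", f"{h}.example.com") for h in ("www", "mail", "shop")]
    # Many unique but short names: a benign pattern that must not be flagged.
    log += [("10.0.0.5", f"img{i}.cdn-example.net") for i in range(8)]
    # Tunnel-like: every query carries a 40-character hex chunk as its subdomain.
    for i in range(8):
        chunk = hashlib.sha256(f"constructed-{i}".encode()).hexdigest()[:40]
        log.append(("10.0.0.77", f"{chunk}.tunnel-example.test"))
    return log

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_name(qname, keep=2):
    """Return (subdomain, base_domain). Assumption: the base domain is the last
    `keep` labels; production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-keep]), ".".join(labels[-keep:])

def find_tunnel_suspects(log, min_unique=5, min_avg_len=25, min_entropy=3.5):
    """Flag (client, base domain) pairs with many unique, long, random-looking
    subdomains. Thresholds are illustrative assumptions, not tuned values."""
    groups = defaultdict(set)
    for client, qname in log:
        sub, base = split_name(qname)
        if sub:
            groups[(client, base)].add(sub)
    suspects = []
    for (client, base), subs in sorted(groups.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            suspects.append({"client": client, "domain": base, "unique": len(subs),
                             "avg_len": round(avg_len, 1), "entropy": round(entropy, 2)})
    return suspects

if __name__ == "__main__":
    for suspect in find_tunnel_suspects(make_sample_log()):
        print(suspect)
```

Requiring all three signals together keeps the short-named CDN hosts in the sample from being flagged even though they produce as many unique subdomains as the tunnel-like client.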

How Secure64 DNS TunnelGuard detects tunnels

To keep malware like this from ever reaching end users in the first place, Secure64 offers DNS MalwareGuard. It protects users at the DNS level from sites that download malicious software such as viruses, trojans and worms, while also blocking communication between bot-infected devices and their command and control centers so the bot is rendered harmless.

When the protection of Secure64’s DNS Guard portfolio is combined with the built-in malware resilience of Secure64’s SecureOS, a Secure64 DNS solution is able to defend your network and your customers against Alina POS, and the countless other new threats that will emerge.