
Securing DNS With Umbrella at Black Hat


Additional Contributor: David Keller

Monitoring DNS is essential to gain a high-level understanding of network usage trends at Black Hat. Cisco has secured Black Hat with DNS since 2017.

Routing DNS traffic through a centralized, intelligence-driven service offers invaluable insights: DNS queries can reveal connections to destinations ranging from malware, crypto mining, and phishing sites to categories like social media, finance, and illicit activities. Additionally, these domains are categorized into specific applications that can be reviewed in Umbrella’s App Discovery report, which highlights the usage of thousands of web, desktop, and mobile apps. At Black Hat USA 2025, we began blocking encrypted DNS requests on event networks using Umbrella DNS to ensure we had maximum visibility into user traffic. This forced conference attendees to resolve requests without encryption, enabling inspection to detect compromises or malicious activity.

One of our top monitoring priorities was the ApateWeb potentially unwanted program (PUP) delivery and phishing campaign, which uses a ‘two/three-name’ domain pattern. We’ve monitored this campaign at major sporting events, Black Hat Asia, RSAC and Cisco Live this year. Common characteristics for domains associated with the campaign are:

  • Domains registered in CZ
  • Nameservers
    • NS2[.]PUBLICDNSSERVICE[.]COM: Greater than 500 total, at least 51 malicious
    • NS1[.]PUBLICDNSSERVICE[.]COM: Greater than 500 total, at least 51 malicious
  • Two or three random English words DGA (vs. random alphanumeric string)

Examples:

  • torchfriendlypay[.]com
  • precautionwailing[.]com
  • impenetrablescald[.]com
  • metrefluke[.]com
  • toothbless[.]com
  • toiletaudacity[.]com
  • lovelyapplied[.]com
  • distraughtmeasurementbaking[.]com
  • fowlsecondary[.]com
  • gossippass[.]com
  • vandalismloungenylon[.]com
  • createdearthparanoia[.]com
  • yelloptical[.]com
  • kettledroopingcontinuation[.]com

NOC leaders were comfortable with blocking resolution requests for these domains to protect attendees from the campaign, based on these characteristics, as seen in the screenshot shared below.

Fig. 1: Blocked resolution requests
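
The nameserver and word-pattern traits listed above can be combined into a triage check for observed DNS queries. This is an added example, not Cisco's or Umbrella's code: the word list, the sample observations with their nameserver pairings, and the `match`/`review`/`clear` verdicts are constructed for illustration, and the registration-country trait is left out.

```python
from functools import lru_cache

# Constructed mini word list; load a full English dictionary in practice.
WORDS = frozenset("""torch friendly pay precaution wailing metre fluke tooth
bless yell optical gossip pass black hat slack""".split())

# Nameservers the article lists as a common trait of campaign domains.
CAMPAIGN_NS = {"ns1.publicdnsservice.com", "ns2.publicdnsservice.com"}

def split_words(label, max_words=3):
    """Split label into at most max_words dictionary words, else None."""
    @lru_cache(maxsize=None)
    def solve(start, left):
        if start == len(label):
            return ()
        if left == 0:
            return None
        for end in range(len(label), start, -1):  # try the longest word first
            if label[start:end] in WORDS and (rest := solve(end, left - 1)) is not None:
                return (label[start:end],) + rest
        return None
    return solve(0, max_words)

def refang(name):  # undo [.] defanging, normalise case and trailing dot
    return name.replace("[.]", ".").lower().rstrip(".")

def classify(domain, nameservers):
    """Verdict for one domain. Simplification: the label left of the TLD is
    treated as the registered name (no public-suffix handling)."""
    labels = refang(domain).split(".")
    words = split_words(labels[-2]) if len(labels) >= 2 else None
    word_hit = words is not None and 2 <= len(words) <= 3
    ns_hit = bool({refang(n) for n in nameservers} & CAMPAIGN_NS)
    if word_hit and ns_hit:
        return "match"   # both traits agree
    return "review" if ns_hit else "clear"  # word pattern alone is too common

# Constructed observations: (queried domain, NS set from a passive-DNS lookup).
SAMPLE = [
    ("torchfriendlypay[.]com", ["NS1[.]PUBLICDNSSERVICE[.]COM"]),
    ("yelloptical[.]com", ["NS2[.]PUBLICDNSSERVICE[.]COM"]),
    ("blackhat.example", ["ns1.example.net"]),           # two words, other NS
    ("x7f3kq9z.example", ["ns1.publicdnsservice.com"]),  # campaign NS, no words
]

def triage(observations):
    return {d: classify(d, ns) for d, ns in observations}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Requiring both traits keeps ordinary two-word names such as the constructed `blackhat.example` out of the block list, while a campaign nameserver without the word pattern is only queued for review.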

This year, we saw over 66.1 million DNS queries, as more attendees decided not to connect to the conference network vs. recent years.

Fig. 2: Black Hat DNS queries, visualized year-over-year

With the decline of DNS requests, we also saw about the same number of apps at Black Hat USA as in 2024:

  • 2019: ~3,600
  • 2021: ~2,600
  • 2022: ~6,300
  • 2023: ~7,500
  • 2024: ~9,300
  • 2025: ~9,300

Last year, there was one standout Application Category that has been growing in popularity, Generative AI. It will likely be no surprise that we saw a rise in the number of Generative AI apps accessed by attendees vs. one year ago.

Fig. 3: Cisco App Discovery

With so many talks incorporating AI topics, the real-world usage of attendees serves as a metric to measure the rise of adoption and the proliferation of AI tools.

Each year, the NOC leaders give out awards for the top requested websites by category. In 2025 we saw Slack hold serve for the top chat app, along with clashes of big names like Apple vs. Google and Tinder vs. Hinge. We’ll present the last matchup without comment.

Fig. 4: Black Hat USA 2024, top DNS categories

See you at Black Hat Europe!

Black Hat is the cybersecurity industry’s most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit the Black Hat website.

