Traffic to an unusual DNS resolver
Description
AlphaSOC detected network traffic to an unusual DNS resolver. Threat actors may attempt to use custom DNS servers to redirect traffic and bypass security controls.
Impact
Redirecting traffic to an unusual DNS resolver enables threat actors to carry out attacks such as phishing, malware distribution, or data exfiltration, all while evading detection.
Severity
| Severity | Condition |
|---|---|
| Low | Traffic to an unusual DNS resolver |
Investigation and Remediation
Review logs for unusual DNS traffic patterns and identify any DNS configuration changes to determine whether the modification is authorized. If unauthorized activity is confirmed, reset DNS settings to trusted resolvers and conduct a thorough security assessment to identify potential compromises or data breaches.
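
One way to start the log review, as an added example (not AlphaSOC's detection logic): it scans flow records for DNS traffic to resolvers outside an approved list and counts hits per source host. The CSV layout, the approved resolver addresses, the sample records, and the inclusion of port 853 (DNS over TLS) are assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the resolvers this organization has approved (placeholder values).
APPROVED_RESOLVERS = [ip_network("10.0.0.53/32"), ip_network("10.0.1.53/32")]
DNS_PORTS = {53, 853}  # plain DNS and DNS over TLS

# Constructed sample flow records: timestamp, src_ip, dst_ip, dst_port, proto
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z,10.0.5.20,10.0.0.53,53,udp
2024-05-01T10:00:02Z,10.0.5.21,198.51.100.7,53,udp
2024-05-01T10:00:03Z,10.0.5.21,198.51.100.7,53,udp
2024-05-01T10:00:04Z,10.0.5.22,203.0.113.9,853,tcp
2024-05-01T10:00:05Z,10.0.5.20,192.0.2.80,443,tcp
2024-05-01T10:00:06Z,10.0.0.53,192.0.2.1,53,udp
2024-05-01T10:00:07Z,10.0.5.23,not-an-ip,53,udp
"""

def is_approved(addr):
    """True if addr falls inside any approved resolver network."""
    return any(addr in net for net in APPROVED_RESOLVERS)

def find_unusual_resolvers(flow_csv):
    """Count DNS flows per (src_ip, dst_ip, dst_port) that bypass approved resolvers."""
    hits = Counter()
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip records that do not match the assumed layout
        _ts, src, dst, port, _proto = row
        try:
            src_ip, dst_ip, dport = ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue  # skip malformed addresses or ports
        if dport not in DNS_PORTS:
            continue
        # Clients using an approved resolver, and approved resolvers
        # forwarding queries upstream, are expected traffic.
        if is_approved(dst_ip) or is_approved(src_ip):
            continue
        hits[(src, dst, dport)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, port), n in find_unusual_resolvers(SAMPLE_FLOWS).most_common():
        print(f"{src} -> {dst}:{port} ({n} flows)")
```

Hosts that appear in the output are the ones whose DNS configuration should be checked against change records to decide whether the resolver was set with authorization.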