How IT teams can prevent phishing attacks with Malwarebytes DNS filtering

Phishing attacks are a persistent threat to businesses globally. 

According to Verizon, 82 percent of data breaches in 2021 involved the human element—with phishing attacks making up over 60 percent of these. And if it ain’t broke, don’t fix it: threat actors have only continued to use phishing to attack businesses in 2022, with the Anti-Phishing Working Group (APWG) recording a 15 percent increase in phishing attacks in Q1 2022 compared to Q4 2021.

With Malwarebytes DNS filtering, however, you can prevent a large swath of phishing attacks. Our DNS filtering module extends our Nebula platform to help prevent risks introduced from nefarious websites and downloadable web content.

In this post, we’ll walk through what it looks like to block phishing attacks with Malwarebytes DNS filtering.

How to block phishing domains with DNS filtering 

Let’s say one of your employees gets an email like the one below. 

Photo credits: Phishing.org

Without some kind of phishing protection in place, after clicking on a link in the email there’s a chance the employee might give up some sensitive information or be tricked into downloading a malicious program.

Obviously, we want to prevent that. 

Let’s press pause here and go back in time to set up our DNS filter in Nebula. 

Above, you’ll see the dashboard for the DNS Filtering module in Nebula.

Let’s navigate to the “Rules” section and hit “New”.

Here, we’re prompted to name the rule and also select a policy to which the rule should be applied. 

I’m naming mine “Phishing block” and applying it to four of my endpoints.

Heading over to the “Categories” page, we see that “Use preconfigured settings” is enabled by default. This automatically blocks each subcategory in the “Security” category.

For demonstration purposes, we’ll leave this untoggled. Just know that each of these security subcategories is available (and recommended to use)!

Let’s scroll down to the “Phishing” option and toggle it.


Under allow lists you can add domains to exclude from this DNS rule. We’ll leave it blank: we don’t want to allow any phishing sites!

You can also add specific domains to block. We’ll also leave this blank!

Let’s flash forward in time to our employee who received the phishing email. Unfortunately, they clicked a URL in it—but no need to worry. 

Our DNS filtering kicked in and blocked the site, the outcome of which you can see below.

This is the default page, but you can even customize it to your liking by going to the “Global Settings” tab. 

How does it work?

It works because Malwarebytes DNS filtering is powered by Cloudflare, which has a massive database of known phishing sites to which we can instantly block access using the intuitive Nebula UI.
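To make the pieces of the rule concrete, here is an added sketch (not Malwarebytes or Cloudflare code) of how a DNS filter could evaluate a queried name against an allow list, a block list and a blocked category. The category feed, the domain names, the evaluation order and the label-by-label parent matching are all assumptions made for illustration.

```python
# Added illustration: a simplified model of a DNS filtering rule, not vendor code.
from dataclasses import dataclass, field

# Constructed stand-in for a category feed (domain -> category); names are made up.
CATEGORY_FEED = {"login-portal.example": "Phishing", "coin-pool.example": "Cryptomining"}


def parents(name):
    """Return the normalized name and each parent domain: a.b.c. -> a.b.c, b.c, c."""
    labels = name.strip().rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


@dataclass
class Rule:
    blocked_categories: set = field(default_factory=set)
    allow_list: set = field(default_factory=set)
    block_list: set = field(default_factory=set)

    def decide(self, qname):
        """Return 'allow' or 'block:<reason>' for one queried name."""
        # Assumption: an allow-list entry excludes the domain from the rule,
        # so it is checked first, then the block list, then the categories.
        # Matching whole labels means "notlogin-portal.example" does not match
        # "login-portal.example", while "sso.login-portal.example" does.
        candidates = parents(qname)
        if any(c in self.allow_list for c in candidates):
            return "allow"
        if any(c in self.block_list for c in candidates):
            return "block:block-list"
        for c in candidates:
            category = CATEGORY_FEED.get(c)
            if category in self.blocked_categories:
                return f"block:{category}"
        return "allow"


if __name__ == "__main__":
    rule = Rule(blocked_categories={"Phishing"})  # mirrors the "Phishing block" rule
    # Constructed sample queries
    for q in ["sso.login-portal.example.", "notlogin-portal.example", "coin-pool.example"]:
        print(f"{q:28} {rule.decide(q)}")
```

With only the “Phishing” category toggled, the crypto mining domain in the sample feed is still allowed, which is why the post recommends keeping the other security subcategories enabled.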

But what happens if a phishing website somehow gets through and a malicious program (ransomware, for example) is installed on an endpoint? 

The answer is part of what makes our DNS filtering solution so holistic: because it is an add-on to our Endpoint Detection and Response product, a threat that gets through can be detected and mitigated using our EDR’s isolation and remediation capabilities.

In other words, DNS filtering helps you filter the easily-blocked known threats, giving time back to your organization to focus on remediating the threats that do get through with our EDR.

Block threats from infiltrating browsers and web-based apps

Malwarebytes DNS Filtering module for Nebula helps block access to malicious websites and limit threats introduced by suspicious content. 

While we focused on preventing phishing threats in this post, the story doesn’t end there. You can also block access to spyware, DNS tunneling, crypto mining sites, and many other websites and domains that pose a security risk. 

Interested in learning more? Read the Malwarebytes DNS filtering datasheet. 

Further reading

What is DNS filtering?

3 ways DNS filtering can save SMBs from cyberattacks

DNS security for your small business

Introducing Malwarebytes DNS Filtering module: How to block sites and create policy rules
