Securing DNS With Umbrella at Black Hat

Extra Contributor: David Keller

Monitoring DNS is important to realize a high-level understanding of community utilization developments at Black Hat. Cisco has secured Black Hat with DNS since 2017.

Routing DNS site visitors by way of a centralized, intelligence-driven service gives invaluable insights—DNS queries can reveal connections to locations starting from malware, crypto mining, and phishing websites to classes like social media, finance, and illicit actions. Furthermore, these domains are labeled into particular functions that may be reviewed in Umbrella’s App Discovery report, which highlights using hundreds of internet, desktop, and cellular apps. At Black Hat USA 2025, we began blocking encrypted DNS requests on occasion networks utilizing Umbrella DNS to make sure we had most visibility into consumer site visitors. This pressured convention attendees to resolve requests with out encryption, enabling inspection to detect compromises or malicious exercise.

Certainly one of our high monitoring priorities was the ApateWeb probably undesirable program (PUP) supply and phishing marketing campaign, which makes use of ‘two/three-name’ area sample. We’ve monitored this marketing campaign at main sporting occasions, Black Hat Asia, RSAC and Cisco Stay this yr. Widespread traits for domains related to the marketing campaign are:

• Domains registered in CZ
  • NS2[.]PUBLICDNSSERVICE[.]COM: Larger than 500 Whole – A minimum of A minimum of 51 malicious
  • NS1[.]PUBLICDNSSERVICE[.]COM: Larger than 500 Whole – A minimum of A minimum of 51 malicious
• Nameservers
• Two or three random English phrases DGG (vs. random alphanumeric string)

Examples:

NOC leaders have been comfy with blocking decision requests for these domains to guard attendees from the marketing campaign, primarily based on these traits, as seen within the screenshot shared under.

DNS 12 months-Over-12 months Statistics

This yr, we noticed over 66.1 million DNS queries, as extra attendees determined not to hook up with the convention community vs latest years.

With the decline of DNS requests, we additionally noticed about the identical variety of apps at Black Hat USA as in 2024:

• 2019: ~3,600
• 2021: ~2,600
• 2022: ~6,300
• 2023: ~7,500
• 2024: ~9,300
• 2025: ~9,300

The Rise of Gen AI

Final yr, there was one stand out Utility Class that has been rising in reputation, Generative AI. It should possible be no shock that we noticed an increase within the variety of Generative AI apps accessed by attendees vs. one yr in the past.

With so many talks incorporating AI topics, the real-world utilization of attendees serves as a metric to measure the rise of adoption and the proliferation of AI instruments.

Annually, the NOC leaders give out awards for the highest requested web sites by class. In 2025 we noticed Slack maintain serve for the highest chat app, together with clashes of massive names like Apple vs. Google and Tinder vs. Hinge. We’ll current the final matchup with no remark.

See you at Black Hat Europe!

About Black Hat

Black Hat is the cybersecurity business’s most established and in-depth safety occasion collection. Based in 1997, these annual, multi-day occasions present attendees with the most recent in cybersecurity analysis, growth, and developments. Pushed by the wants of the group, Black Hat occasions showcase content material instantly from the group by way of Briefings shows, Trainings programs, Summits, and extra. Because the occasion collection the place all profession ranges and tutorial disciplines convene to collaborate, community, and focus on the cybersecurity subjects that matter most to them, attendees can discover Black Hat occasions in the US, Canada, Europe, Center East and Africa, and Asia. For extra info, please go to the Black Hat web site.

We’d love to listen to what you assume! Ask a query and keep related with Cisco Safety on social media.

Cisco Safety Social Media

LinkedIn
Fb
Instagram
X

Share: