Web / DNS Filtering – Keeping Law Firms Safe and Productive

October 12, 2021 in Afinety Cloud Platform, Security

By: Anthony Lansing

There are an estimated 1.7 billion active websites accessible on Internet as of the publish date of this article.  Over half a million new websites are created daily.  For emphasis, that’s 1,700,000,000 unique websites you can visit right now, plus an additional 500,000 for each day that has passed since this page was created.  That is a lot of websites.

It’s no surprise that with the sheer amount of websites out there, a certain percentage are malicious in nature and are used as a tool by cybercriminals to deploy ransomware, steal credentials, and more.  Some websites are designed and created to cause harm, and some get taken over by hackers without the owner’s knowledge to infect the visitors’ device.

We click on too many links and visit too many webpages every day to not have protection against these malicious websites.  That’s why we rely on Web / DNS Filtering as a crucial line of defense in our cybersecurity approach.

Web / DNS Filtering is a standard tool that automatically prevents your users from visiting a website that might infect their device.  It also comes with the added bonus for administrators to block access to designated websites, such as gambling or social media, to keep ensure your company devices are used for work purposes.

What Lurks in the Dark

It’s not always obvious when a website poses a security risk.  Even with following best practices for cybersecurity, sometimes it’s hard to tell a safe website from a dangerous one.  By the time the webpage loads it might be too late.

Malware and Ransomware Payloads

Web browsers such as Chrome and Edge are pieces of software installed on your computer.  Shocking information, right?  What we need to remember is that the way we view websites is through software on our device that loads content files from an IP address.  This software includes the browser itself, plus any extensions and plugins that may have been added to it.

Cybercriminals identify vulnerabilities in a browser’s software and use those flaws to inject code while the website is uploading files to the browser.  That code, or malware, can give them access to the browser, the operating system on the device, and from there possibly the network the device belongs to. 

Let’s say a member of your firm visits a website that is being used by cybercriminals to infect their device.  The most relevant consequences for that person and the entire firm include:

  • Ransomware.  This is where the money is at in organized cybercrime.  Ransomware is a type of malware that encrypts a user’s or organization’s files, and demands payment to return those files under the threat of leaking them or continued lockout that makes it impossible for a law firm to properly function.
  • Spyware.  You don’t get a notification when your computer has been infected.  Spyware allows criminals to monitor confidential communications and steal sensitive information without the users knowledge.
  • Stolen Credentials.  Often a result of spyware, login credentials to critical firm applications such as email and document management systems are observed and taken without the knowledge of the user.  This leads to unauthorized access to firm data and systems.

Typosquatting and Phishing

Another form of malicious website used by criminals doesn’t rely on malware or hacking.  It relies on mimicking well known websites and brands to trick the user into giving them sensitive information.

Typosquatting is a method of creating websites with a domain that looks similar enough to a reputable domain that visitors believe they are on a different, secure website.  You’ve probably seen this before – you get an unsolicited email or text message with a link to reset a password or confirm your identity from a bank or critical application.  The domain contained in the link might be similar to the bank you use, with an extra hyphen, word, or domain ending.  A real-world example is secure-wellsfargo[.]org.

The link leads to a website that looks nearly identical to trusted website you thought you were going to.  The website prompts to user to log in or complete a form, which sends the sensitive information to cyber criminals for future use.  This method is a form of phishing and social engineering that tricks the user into handing over their log in credentials or payment information.

Avenues to a Malicious Website

The above-mentioned consequences of visiting a malicious website are very profitable for bad actors.  Cybercriminals aren’t sitting back hoping for hapless visitors to stumble upon their website – they are actively promoting them.

Malvertising

As the portmanteau suggests, malvertising is a form of malicious advertising on trusted websites.  While the website the ad is displayed on is legitimate, the advertisement itself is not.  The advertisement either downloads malware upon click, called a “drive-by-download”, or leads the unsuspecting visitor to a website designed to steal their credentials.

Hacked Website

The first step taken by cybercriminals is to hack a legitimate website and remain undetected from both the website owner and its visitors.  It’s estimated that 30,000 new websites are hacked daily, and it takes an average of 280 days for the breach to be identified.  While that website was once a safe place for visitors, it is then leveraged to install malware and steal credentials from the visitors.

Phishing

Phishing has become a very popular method for cybercriminals because it relies on human error.  Cybercriminals send emails, text messages, and other forms of communication that lead the user to a malicious website under a false pretense such as the Wells Fargo example above.

Web / DNS Filtering Protects Your Firm

With billions of websites and multiple threats, law firms need a line of defense that leverages technology to automatically block users from visiting malicious websites.  That’s why Web / DNS Filtering is a core cybersecurity element for any organization.

How Web / DNS Filtering Works

Web / DNS Filtering is a technical process that runs behind the scenes.  All website addresses are connected to a separate IP address held by what is known as the Domain Name System (DNS), which is essentially a universal phonebook for the Internet.

When a user types a domain name into their browser or clicks on a link, this is the technical process with DNS filtering enabled:

  1. The DNS changes the words into an IP address – numbers that a computer can understand.
  2. The DNS looks up the IP address and connects the browser to that web server to obtain the information.
  3. Once the browser links to the web server, the DNS filter will filter it for its known category and either display the page or block it if it is malicious or on the block list.

Suppose a website is blacklisted, suspected malicious, fraudulent, or otherwise blocked by the firm’s network administrator. In that case, the browser cannot connect to the server and relay the information.  This blocks potential threats before they reach the user’s device and your law firm’s network.

Main Benefits of Web / DNS Filtering

Even websites previously considered safe may subsequently become compromised. Cybercriminals are constantly building new webpages to host malicious content and phish for information like login credential and other sensitive information. 

Thankfully, modern Web / DNS Filtering solutions are armed with advanced artificial intelligence that identifies previously unknown threats and blocks them before they cause damage.

We rely on Web / DNS Filtering as an essential tool in our cybersecurity approach because:

  • A DNS filtering system helps protect a firm’s network from cyber-attacks and prevents users from accessing and downloading malware or a phishing website that could harm the system.
  • DNS keeps a list of malicious websites updated in real-time, so when a user tries to access a blocked website, DNS filtering will automatically redirect them to a local page explaining why they cannot connect to that site.
  • Firms can improve productivity by using DNS filtering to block employee access to websites that are inappropriate for work or unproductive uses of time.
  • If your firm’s network is growing exponentially, a DNS filter will automatically scale your network and increase its efficiency for the potential clients attempting to access it in real-time.

Our goal as a cloud hosting platform for law firms is to keep your law firm safe and productive.  Reach out to us to learn more about our cybersecurity approach that provides essential protections while allowing your firm to work at anytime from anywhere.

Do You Like Our Blog?
Sign Up For Our Newsletter Now!