Ensign has observed a pattern of abnormal queries on public DNS servers through its DNS Anomaly Behavioural Model, a proprietary tool of the Ensign Labs team. The anomalies included sharp spikes in DNS requests within a short time frame, and a sequence of suspicious DNS queries with no subsequent TCP/UDP traffic upon resolution of the domain name. Our team of analysts investigated the anomalies further, and the details of the analysis can be found in this report.
Highlights from the advisory include: