MDBR Stops Ransomware, Phishing, Malware, and More

U.S. State, Local, Tribal, and Territorial (SLTT) government organizations, schools, and hospitals are becoming increasingly reliant on technology. The Center for Internet Security’s (CIS’s) Malicious Domain Blocking and Reporting (MDBR) service has been protecting these entities from being targets of ransomware, malware, and phishing attacks. One year since its inception in July 2020, MDBR has blocked more than 1.5 billion requests to known bad web domains for public sector organizations.

Ransomware, Phishing, Malware: Small Actions for Mighty Returns

SLTT organizations house massive amounts of personal information including social security numbers, employee, patient, or student records, and billing information. It makes them prime targets for cyber-attacks as the payoff for this information is far greater than other stolen data such as credit card numbers.

What makes cyber attacks successful is that a majority of them start with small actions. A phishing email, or a fake website URL that downloads malware on a computer. For example, malware most commonly finds its way into SLTT organizations through either malspam, unsolicited emails that either direct users to malicious websites or trick users into downloading or opening malware, or malvertisements, malware introduced through malicious advertisements. If the targeted user takes the bait an attacker can gain access to an entire database.

The 2020 Verizon Data Breach Investigations Report (DBIR) found that ransomware disproportionately affects the public sector (more than 60% of malware incidents vs. 27% of malware in all sectors).

For governments, hospitals, and schools this could mean public records being stolen, or worse, a full shut down of the institution itself until the money is paid.

Malicious Domain Blocking and Reporting (MDBR)

Protecting against these common types of attacks can be costly and time-consuming. The MDBR service from CIS is available at no cost to all U.S. SLTT organizations, as well as all public and private hospitals in the U.S., in partnership with technology provider Akamai.

MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.

How MDBR Works:

MDBR proactively blocks network traffic from an organization to known harmful web domains, helping protect IT systems against cybersecurity threats. Once an organization points its domain name system (DNS) requests to the Akamai’s DNS server IP addresses, every DNS lookup will be compared against a list of known and suspected malicious domains. Attempts to access known malicious domains such as those associated with malware, phishing, and ransomware, among other threats, will be blocked and logged. CIS will then provide reporting that includes log information for all blocked requests and assist in remediation if needed.

Learn how MDBR shields organizations from cyber threats by watching our short video:

MDBR Expands Its Reach

MDBR was initially released to SLTT government entities at no cost in July 2020. Based on the early success in protecting these organizations the service was expanded to service public and private hospitals as well as K-12 schools. *

At the end of May 2021, MDBR had received 222.4 billion DNS requests and blocked more than 1.5 billion of those requests to known bad web domains for public sector members. This represents 1.5 billion potential malware or ransomware infections that could have impacted these organizations.

Malware and phishing were the main types of attacks making up 72% of the domains blocked by MDBR for SLTTs in the last 12 months.

Adoption of this service continues to grow as the service can be implemented within 15 minutes or less and requires virtually no maintenance as CIS and Akamai fully maintain the systems required.

*While MDBR was offered at no cost to U.S. private hospitals for a limited time, that offering has been discontinued in favor of MDBR+, a low-cost, cloud-based secure DNS service that provides real-time reporting, custom configurations, and off-network device protection. Learn more about MDBR+ here.