How DNS attacks threaten organizations

Application downtime was the most significant side effect of a DNS attack, according to EfficientIP and IDC.

Image: EfficientIP and IDC (IDC #EUR146302820)

Organizations rely on their own internal Domain Name System (DNS) servers to properly route users to the right computers, applications, and files. If DNS isn't functioning correctly, then users won't be able to access the resources they need. As effectively as it works, DNS does contain certain security flaws, which hackers are always happy to exploit. A report released Wednesday by network automation and security provider EfficientIP and research firm IDC discusses how DNS is prone to attack and what organizations can do to protect their DNS security.

Based on a survey of 900 technology professionals across North America, Europe, and Asia Pacific, the "2020 Global DNS Threat Report" found that 79% of organizations were hit by DNS attacks in 2019, down slightly from 82% in 2018. The organizations surveyed suffered an average of 9.5 attacks last year, resulting in an average cost of around $924,000 per attack.

Based on the vulnerabilities within DNS, cybercriminals can launch DNS-based attacks using a variety of methods. Phishing was the most common DNS-related attack method used in 2019, cited by 39% of the respondents. DNS-based malware was second, listed by 34% of those polled. Other common attack methods included Distributed Denial-of-Service (DDoS) attacks (27%), DNS amplification (21%), false positive triggering (19%), and DNS tunneling (17%).

Among the side effects of DNS attacks, application downtime was the most pervasive—82% of the respondents hit by a DNS attack reported app downtime—whether in-house or via a cloud environment such as Microsoft Azure or Amazon Web Services. Some 62% experienced downtime of in-house apps only.

Other side effects of an attack included cloud service downtime (reported by 50%), a compromised website (46%), brand damage (29%), loss of business (29%), and the theft of sensitive information (16%). The increased reliance on the cloud during the coronavirus lockdown likely made it a more inviting target for attackers, according to EfficientIP and IDC.

Based on the survey, DNS attacks affected a range of industries in different ways. Financial services firms suffered the biggest cost per attack at $1.3 million, an indication that criminals seek out high-value targets. Manufacturing companies took the longest amount of time to mitigate an attack at seven hours on average. Typically one of the least secure industries, the educational sector saw the highest level of stolen customer information. Telecom & media was the most targeted industry with an average of 11.4 attacks.

On the plus side, more organizations consider their DNS security critical. A full 98% of respondents said they have some type of DNS security in place. Among those, more than half are using a dedicated DNS security solution. Further, 31% of those polled have implemented or are testing Zero Trust strategies to help protect their DNS infrastructure.

Still, there's room to grow. A quarter of the respondents said they perform no analytics on their DNS traffic. Some 35% don't take advantage of their internal DNS traffic for filtering and only 12% collect DNS logs and correlate them through machine learning.

"In this era of key IT initiatives like IoT, Edge, SD-WAN, and 5G, DNS should play a much larger role in the security ecosystem," Ronan David, VP of strategy for EfficientIP, said in a press release. "It offers valuable information that can make security strategies against hackers much more proactive and preventative. The COVID-19 pandemic has exacerbated the need to shore up DNS defenses, when any network or app downtime has major business implications."

To protect the DNS security of your organization, EfficientIP and IDC offer the following recommendations:

  • Elevate your threat detection capability with user behavioral analytics to empower Zero Trust. Using the unique capabilities of DNS security to view and analyze client behavior improves end-to-end intelligence and reduces the risk of false positives.
  • Accelerate threat investigation by including DNS security in your security-by-design framework. Connecting security silos by sharing actionable DNS data with the ecosystem enhances SOC (security operations center) efficiency.
  • Ensure business continuity by implementing purpose-built DNS security with effective auto-remediation capability. Incorporating adaptive countermeasures limits attack damage by reducing mitigation times.

To compile its 2020 Global DNS Threat Report, EfficientIP commissioned IDC to conduct and research a survey from January to April 2020. The results were based on responses from 900 individuals in North America, Europe and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT managers, security managers, and network managers.
