By resolving hostnames with IP addresses, the Domain Name System (DNS) plays a critical role for organizations by ensuring that users are directed to the right sites, servers, applications, and other resources. But DNS is beset by certain weaknesses that make it vulnerable to hackers and cyberattacks. To guard against such attacks, organizations need to adopt specific countermeasures, as outlined in new research sponsored by EfficientIP and conducted by IDC.

Released on Tuesday, the 2019 Global DNS Threat Report reveals an increase in the number of DNS attacks and the level of damage they leave behind. Over the past year, 82% of the organizations surveyed for the report were hit by a DNS attack. On average, these businesses were the victims of more than nine DNS attacks, an increase of 34% over the prior year. The costs of these attacks rose by 49%, as one in five organizations lost more than $1 million in the aftermath of each attack.

SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)

As a result of the increased DNS attacks, 63% of the organizations suffered downtime for in-house applications, 45% saw their websites compromised, 27% experienced business downtime, 26% were hit by damage to their brand, and 13% saw the theft of sensitive information. The data also showed an increase in specific types of DNS attacks, including phishing, DNS-based malware, DDoS attacks, and DNS tunneling.


DNS attacks target a variety of industries, each with certain consequences. Financial services was the most targeted sector, telecom and media was hit by the highest amount of brand damage, government saw the highest level of the theft of sensitive information, and utilities suffered the highest costs from such attacks, according to the report.

To fight back against DNS attacks, organizations have typically operated in reactive mode. When hit by an attack, businesses will typically turn off affected processes and services, disable some or all of the affected applications, and even shut down the business service. What’s needed, argues EfficientIP, is a more proactive approach to prevent or predict these attacks before they occur, or at least before they can cause significant damage. And organizations are starting to do just that.

“While these figures are the worst we have seen in five years of research, the good news is that the importance of DNS is at last being widely recognized by businesses,” EfficientIP CEO David Williamson said in a press release. “Mainstream organizations are now starting to leverage DNS as a key part of their security strategy to help with threat intelligence, policy control and automation, thus building a good foundation for their zero trust plan.”

Among the organizations surveyed by IDC, 64% said they use DNS analytics to detect compromised devices, 35% supplement their threat intelligence with internal analytics on DNS traffic, and 53% use machine learning to scan for malicious domains. Further, zero trust is taking a more active role as organizations are increasingly treating both internal and external traffic and resources as untrusted by default. Among the respondents, 17% said they already run on zero-trust architecture, while 48% are eyeing it as part of their security strategy.

To combat DNS attacks, EfficientIP offers the following three recommendations:

  • Implement internal threat intelligence to protect your enterprise data and services. Real-time DNS analytics can help detect and thwart advanced attacks such as DGA (domain generation algorithm) malware and zero-day malicious domains.
  • Use DNS to ensure security compliance. Integrating DNS with IPAM (IP address management) in network security orchestration processes can help automate the management of security policies, keeping them current, consistent, and auditable.
  • Leverage DNS’s unique traffic visibility in your network security ecosystem to help SOCs accelerate remediation. Implementing real-time behavioral threat detection over DNS traffic ensures that qualified security events rather than logs are sent to your SIEM (security information and event management) software.

IDC conducted its research from January to April 2019. The results are based on responses from 904 people across North America, Europe, and Asia Pacific. Respondents included CISOs, CIOs, CTOs, IT managers, security managers, and network managers.

Image: iStockphoto/peshkov