DNSSEC: How Savvy Attackers Are Using Our Defenses Against Us

The domain name system security extensions (DNSSEC) were conceptualized as a way to protect DNS – a necessary, yet vulnerable layer of the Internet – from attacks and cache poisoning. But if not properly used, DNSSEC can quickly transform from a company’s security plan to an instrument of destruction.

In our recent study of one sector’s DNSSEC usage, we found more than 1,000 domains that weren’t properly managed and are capable of being manipulated to amplify already dangerous DDoS attacks.

Other findings from the study include:

  • 80% of the domains in one sector are vulnerable to being repurposed as a DDoS amplifier
  • 28.9x – The average amplification factor for a DNSSEC signed zone
  • 17,377 – The largest amplification response

Read this report to learn more about the study, and how hackers are already exploiting DNSSEC.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Resource Details

Neustar logo
Provided by:
Neustar
Topic:
Security
Format:
PDF