If you’ve heard about the increasing prevalence of DNS attacks, or you’ve caught wind of DNS attack stats, you might already realize how concerned you should be about this cybersecurity risk.
If you haven’t, below are some of the critical things to know about DNS attacks right now and going through the rest of 2021.
The COVID-19 Pandemic and Digital Transformation
Over the past year-and-a-half, businesses have been forced to speed up their digital transformation. There are a few key reasons for this. First, there are still employees working off-site, and with the Delta variant circulating, it’s unlikely that will come to a complete end anytime soon. That growth in off-premises work requires more dependence on cloud-based services and products, thus the need for rapid digital transformation.
As a result, attackers have been homing in on weaknesses and vulnerabilities that exist primarily because of the pandemic, meaning DNS security has to be a key priority.
DNS is like a phone book that maps domain names to their assigned IP addresses. When someone types a web address into their browser, the browser doesn’t understand the domain name. Instead, it needs the IP address, which is the address of the server where the site is hosted.
When hackers take advantage, in any way, of the vulnerabilities that exist in the Domain Name System, it’s known as a DNS attack.
The Threat Landscape
According to the DNS Threat Report from 2021, these attacks are highly damaging and expensive. Around 90% of organizations reported DNS attacks in the past year.
The average cost of each?
Around $950,000.
The same report found that organizations in all industries dealt with an average of 7.6 attacks over the past year.
North America sees the most severe damages, as is typically the case in these situations, but Asia saw a significant rise in damages, 15% higher than the previous year.
Countries with average damages above $1 million, aside from North America, included France, Germany, and India.
While any industry or sector can be a target, some of the ones that appear to be most vulnerable right now include healthcare, financial services, telecommunications, and media. The healthcare sector saw an increase of around 12% in cost per attack over last year.
Remote work, as has been mentioned, is playing a role in the threat landscape as it currently exists. For example, in the Threat Report cited above, 55% of responding companies said DNS security is critical to protect their remote workforce.
What is a DNS Attack?
If you aren’t familiar, a Domain Name Server attack, also called a hijack or redirection, is one type of DNS attack. In this commonly seen situation, DNS queries are incorrectly resolved. The result is that users are sent, unknowingly, to malicious sites. To carry out this type of attack, a cybercriminal will usually intercept or hack DNS communication, install malware on users’ computers, or take over routers.
There are a few different types of DNS hijacking attack. A Man in the Middle DNS attack intercepts communication between users and the DNS server. The result is that a different IP address is provided, which points to a malicious site.
When a local DNS hijack occurs, the attackers install malware on a computer or device so they can change its DNS settings to redirect to malicious sites.
Specific types of DNS attacks can also include:
• Network flooding: DNS servers can be susceptible to a network-based attack. With a flood attack, the service becomes unavailable to other users because the network link going to the DNS servers is saturated.
• Vulnerabilities in software: With this type of attack, a specific vulnerability can be exploited. Then, entries can be created in a DNS database, or the cybercriminals might cause the DNS server to crash.
• Subdomain attack: This type of attack overwhelms the name services, so it’s like a flood attack, but it’s specific in that the attacker sends many queries for subdomains that more than likely don’t exist. As a result, other DNS queries are disrupted.
• Cache poisoning: In this type of attack, answers stored in a cache are affected, so your users get corrupted responses.
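From the defender’s side, the subdomain attack described in the list above has a recognizable signature in resolver logs: many distinct names under one parent domain, almost all answered NXDOMAIN. The following detection sketch is an added example, not code from the report or any product; the log format, the thresholds, the function names, and the two-label parent-domain rule are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed resolver log (hypothetical format): timestamp client qname rcode
SAMPLE_LOG = """\
2021-08-01T10:00:01Z 192.0.2.10 www.example.org NOERROR
2021-08-01T10:00:01Z 198.51.100.7 qx7f2a.example.test NXDOMAIN
2021-08-01T10:00:01Z 198.51.100.7 k9d0zz.example.test NXDOMAIN
2021-08-01T10:00:02Z 198.51.100.8 p3mm1c.example.test NXDOMAIN
2021-08-01T10:00:02Z 192.0.2.11 mail.example.org NOERROR
2021-08-01T10:00:02Z 198.51.100.9 zz81ab.example.test NXDOMAIN
2021-08-01T10:00:03Z 198.51.100.7 w0r4tq.example.test NXDOMAIN
2021-08-01T10:00:03Z 192.0.2.10 wwww.example.org NXDOMAIN
2021-08-01T10:00:03Z 198.51.100.8 www.example.test NOERROR
"""

def parent_domain(qname, labels=2):
    """Assumption: the last two labels name the zone (no public-suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def find_subdomain_floods(log_text, min_unique=5, min_nx_ratio=0.8):
    """Return {parent: (unique_names, nx_ratio)} for domains that look flooded."""
    names = defaultdict(set)   # distinct query names seen per parent domain
    total = defaultdict(int)   # all queries per parent domain
    nx = defaultdict(int)      # NXDOMAIN answers per parent domain
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:   # skip malformed lines instead of failing
            continue
        _ts, _client, qname, rcode = fields
        parent = parent_domain(qname)
        names[parent].add(qname.rstrip(".").lower())
        total[parent] += 1
        if rcode == "NXDOMAIN":
            nx[parent] += 1
    flagged = {}
    for parent, seen in names.items():
        ratio = nx[parent] / total[parent]
        # Many different names AND mostly nonexistent: a single typo
        # (wwww.example.org above) does not meet either threshold.
        if len(seen) >= min_unique and ratio >= min_nx_ratio:
            flagged[parent] = (len(seen), round(ratio, 2))
    return flagged

if __name__ == "__main__":
    print(find_subdomain_floods(SAMPLE_LOG))
```

In production the thresholds would be applied per time window and tuned against normal traffic for each zone.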
Above is only a brief overview of some of the relevant things to know about DNS attacks. According to DNS attack stats, there were, for example, 125% more domain hijacking attacks this year compared to last.
It’s important to rely on security solutions that prevent or mitigate DNS attacks, and this should be a key strategic priority in your overall cybersecurity plan right now.