DNS attacks are posing an increasing threat to businesses
- Published: Wednesday, 28 June 2017 08:14
EfficientIP has published the results of a survey that was conducted for its 2017 Global DNS Threat Survey Report. It explored the technical and behavioural causes for the rise in DNS threats and their potential effects on businesses across the world.
Major issues highlighted by the study, now in its third year, include a lack of awareness as to the variety of attacks; a failure to adapt security solutions to protect DNS; and poor responses to vulnerability notifications. These concerns will not only be subject to regulatory changes, but also create a higher risk of data loss, downtime or compromised reputation.
According to the report, carried out among 1,000 respondents across APAC, Europe and North America, 94 percent of respondents claim that DNS security is critical for this business. Yet, 76 percent of organizations have been subjected to a DNS attack in last 12 months and 28 percent suffered data theft. The Global DNS Threat Survey Report also estimates the yearly average costs of the damages caused by DNS attacks to be $2.236 million for organizations with more than 3,000 employees. The leading causes were malware (35 percent), DDoS (32 percent), cache poisoning (23 percent), DNS tunnelling (22 percent) or zero-day exploits (19 percent).
“The results once again highlight that despite the evolving threat landscape and the increase in cyber-attacks, organizations across the globe and their IT departments still don’t fully appreciate the risks from DNS-based attacks,” said David Williamson, CEO at EfficientIP.
Globally, the results varied widely. 39 percent of respondents from the UK and US demonstrated more awareness of the top five DNS-based attacks than Spain (38 percent), Australia (36 percent), Germany (32 percent) and France (27 percent), but less than India (50 percent) and Singapore (47 percent). In the UK, the attacks organizations are the most aware of include: DNS-based malware (52 percent), DDoS (43 percent), DNS tunnelling (39 percent), cache poisoning (34 percent) and zero-day exploits (28 percent).
Other key UK findings include:
- Almost a third (29 percent) of organizations surveyed experienced data exfiltration via DNS. Of those, 16 percent had sensitive customer information stolen and 15 percent intellectual property stolen.
- A third (34 percent) stated they have experienced more than five attacks in the last 12 months.
- By taking the measure of closing down affected applications to mitigate an attack, 38 percent of organizations achieved what the attacker intended to do.
- For 50 percent of those who experienced a DNS attack, it took more than six hours, almost a full business day to mitigate it, requiring more than four members of staff in 34 percent of cases which for many organizations may be their entire network security team.
- Most worryingly, many believe they are protected, but they are not. Almost all organizations (99 percent) in the UK did not apply the necessary security patches, compare to 83 percent globally.
Recommendations from the report
The following steps can be taken by organizations to ensure continuity of service and data protection:
- Replace useless firewall and load balancers with purpose-built DNS security technology;
- Keep their DNS security up to date by patching DNS servers more often;
- Enhance their threat visibility by using deep DNS transaction analysis.
The report survey was conducted by Coleman Parkes from February to March 2017. The results are based on 1,000 respondents in three regions. Respondents included CISOs, CIOs, CTOs, IT managers, security managers and network managers.