DNS attacks are widespread, damaging, and increasingly hitting cloud: 2020 Global DNS Threat Report
- Published: Thursday, 11 June 2020 08:08
EfficientIP has announced the results of its 2020 Global DNS Threat Report. The annual research, which was conducted in collaboration with IDC, sheds light on the frequency of the different types of DNS attack and the associated costs for the last year.
Nearly four out of five organizations (79 percent) have experienced DNS attacks, with the average cost of each attack on surveyed organizations around $924,000. The Report shows that organizations across all industries suffered an average 9.5 attacks this year. These figures illustrate the pivotal role of the DNS for network security, as threat actors make use of DNS’ dual capacity as either a threat vector or a direct objective.
In terms of regional damage from DNS attacks, North America leads the way with the average cost of attack at $1,073,000. This is a modest decrease by about 1.36 percent from the year prior. And while the United States saw nearly a 4 percent decrease in attack damages, it still has the highest cost globally at $1,082,710.
Attackers appear to increasingly target the cloud. As the number of business-critical applications hosted in hybrid-cloud environments has increased, so has the attack surface for cybercriminals. The Threat Report shows that companies that suffered cloud service downtime increased from 41 percent in 2019 to 50 percent in 2020, a sharp growth of nearly 22 percent. The increased adoption of cloud services during the global COVID-19 pandemic could make the cloud even more attractive for attackers.
In-house app downtime remained extremely high: 62 percent this year compared to 63 percent last year. As a whole, application downtime - whether in-house or in the cloud - remains the most significant result of DNS attacks; of the companies surveyed, 82 percent said that they had experienced application downtime of some kind.
The Threat Report, now in its sixth year, shows the broad range and changing popularity of attack types ranging from volumetric to low signal. This year phishing led in popularity (39 percent of companies experienced phishing attempts), malware-based attacks (34 percent), and traditional DDoS (27 percent). Crucially, the size of DDoS attacks is also increasing, with almost two-thirds (64 percent) being over 5Gbit/s.
Despite these worrying numbers, enterprise awareness of how to combat these attacks is improving: 77 percent of respondents in the 2020 Threat Report deemed DNS security a critical component of their network architecture, compared to 64 percent in the previous year. Additionally, use of Zero Trust strategies is maturing: 31 percent of companies are now running or piloting Zero Trust, up from 17 percent last year. Use of predictive analytics has increased from 45 percent to 55 percent.
DNS offers valuable information against would-be hackers that is currently going underutilized. According to results from the 2020 Threat Report, currently 25 percent of companies perform no analytics on their DNS traffic (compared to 30 percent last year). 35 percent of organizations do not make use of internal DNS traffic for filtering, and only 12 percent collect DNS logs and correlate through machine learning.
There are several ways that companies can make better use of DNS with threat intelligence and User Behavioral Analytics, to enhance attack protection capacity. A DNS security solution can feed SIEMs and SOCs with actionable data & events, thus simplifying and accelerating detection and remediation. Of companies surveyed, 29 percent used Security and Event Management (SIEM) software to detect compromised devices, and 33 percent of companies passed DNS information to SIEM for analysis (up from 22 percent in 2019).