Existing security can't handle DNS attacks
All businesses agree that DNS protection is important - but few are doing it
DNS security is critical for business, say 94 per cent of the 1,000 respondents to EfficientIP's new Global DNS Threat Survey Report. Despite that, 76 per cent of organisations have undergone a DNS attack in the last 12 months, and 28 per cent have suffered data theft.
EfficientIP questioned respondents from Europe, North America and APAC. Of these, half were from organisations of 1,000 - 2,999 employees, with other sizes of company (3,000 - 4,999; 5,000 - 9,999; and 10,000+ employees) all represented nearly equally.
A DNS threat occurs when a DNS server is attacked or is used to launch an attack (a DNS server can be both the target and the vector). The most common forms are malware, DDoS and cache poisoning, but other types include typosquatting (purposefully misspelling a domain name so that it is very similar to an existing domain) and DNS tunnelling.
Knowledge of DNS-based attacks is low, with only 51 per cent of businesses aware of DNS-based malware (despite as much as 91 per cent of malware using DNS, according to a 2016 Cisco report). 41 per cent were aware of DNS DDoS attacks and 26 per cent of DNS Zero-Day vulnerabilities.
These results varied worldwide. For example, 39 per cent of respondents in the UK and USA were aware of the top five DNS attacks: more than Spain (38%), Australia (36%), Germany (32%) and France (27%), but less than India (50%) and Singapore (47%).
DNS-based malware is the most common form of attack, but EfficientIP believes that DNS DDoS is the most harmful. CEO David Williamson said, "Recent massive DDoS attacks such as Dyn have highlighted the risks Internet of Things (IoT) devices can pose as a new vector used by attackers to stop organisations from doing business online. This type of new threat can also come from inside the network, so IT teams must quickly protect their internal DNS infrastructure."
"I'm protected from that"
Don't be sure that your current protection covers you against DNS attacks; many existing security systems were not designed to handle these threats. For example, traditional solutions such as firewalls do not perform complete DNS transaction analysis, and so cannot detect data exfiltration via the protocol.
The industry's move to cloud computing also has its own risks - as the Dyn attack in 2016 taught Twitter, CNN, Spotify and more. The survey shows that more than 40 per cent of organisations have suffered downtime of their cloud apps due to DNS attacks. This means that hosted or cloud solutions should not be the only provider of DNS services used: businesses should take a more hybrid approach, instead.
All sectors are vulnerable to these attacks, even if the type varies: retail was more vulnerable to malware, for example, while manufacturing was the target of DDoS. The average cost of a single DNS attack this year, in firms of more than 3,000 employees, is $2.2 million; small (1,000 - 2,999 employees) firms pay around $277,000.
As mentioned above, almost 30 per cent of businesses questioned have had data stolen in a DNS assault. Williamson said, "Organisations across the globe… still don't fully appreciate the risks from DNS-based attacks… In less than a year, [the] GDPR will come into effect, so organisations really need to start rethinking their security in order to manage today's threats and save their business from fines."
To tackle DNS threats, EfficientIP recommends that businesses replace their firewall and load balancers with purpose-built DNS technology; patch DNS servers more often; and enhance visibility using deep DNS transaction analysis.