The role DNS plays in network security
New EfficientIP and IDC research sheds light on the frequency of the different types of DNS attack and their associated costs over the last year, throughout the COVID-19 pandemic.
In the United Kingdom, the damages stemming from each attack saw a marked decrease of 27% from the year prior; damages in 2021 were €596,083, while damages in 2020 were an average of €819,024. This was the strongest decrease globally. The UK companies in the survey reported an average of 5.78 attacks in the last year, which is also the lowest average reported (the highest number was 7.74 in Canada).
In terms of regional damage from DNS attacks, Europe suffered an average of €743,920 per attack. This is a slight increase of 3% from the year prior.
Globally, 87% of organizations experienced DNS attacks, with the average cost of each attack around €779,008. The report shows that organizations across all industries suffered an average of 7.6 attacks this past year. These figures illustrate the pivotal role of DNS for network security, both as a threat vector and as a security objective.
Attackers have increasingly targeted the cloud
The report has found that, throughout the past year during the pandemic, attackers have increasingly targeted the cloud, profiting from the reliance on off-premise working and cloud infrastructures. Around a quarter of companies have suffered a DNS attack abusing cloud misconfiguration, with 47% of companies suffering cloud service downtime as a result of DNS attacks.
The report also found a sharp rise in data theft via DNS, with 26% of organizations reporting sensitive customer information stolen compared to 16% in the previous report.
Evidence shows attackers are targeting more organizations and diversifying their toolkit—sometimes drastically. Threat actors relied on domain hijacking, where the user is connected not to the desired service but to a fake one, more than twice as often as last year. This year phishing also continued to grow in popularity (49% of companies experienced phishing attempts), as did malware-based attacks (38%), and traditional DDoS attacks (29%).
DNS network security
Although the cost and variety of attacks remain high, there is a growing awareness of DNS security and how to combat these attacks.
76% of respondents in the report deemed DNS security a critical component of their network architecture. Additionally, the report found zero trust is evolving as a tool to protect networks in the remote era. 75% of companies are planning, implementing or running zero trust initiatives, and 43% of companies believe DNS domain deny and allow lists are highly valuable in a zero trust approach for improving control over access to apps.
The report finds that the solutions organizations consider most effective for preventing theft include securing network endpoints (31%) and better threat monitoring and analysis of DNS traffic (26%).
“While it is positive that companies want to use DNS to protect their increasingly remote workforces, organizations are continuing to suffer the costly impacts of DNS attacks,” says Romain Fouchereau, Research Manager European Security at IDC.
“As threat actors seek to diversify their toolkits, businesses must continue to be aware of the variety of threats posed, ensuring DNS security is a key priority to preventing these.”
Making DNS the first line of defense
DNS offers valuable information for use against would-be cybercriminals, and that information is currently underutilized. According to the results, 25% of companies perform no analytics on their DNS traffic.
“As workers look to more permanently transition to off-premise sites, making use of cloud, IoT, edge and 5G, companies and telecom providers should look to DNS for a proactive security strategy. This will ensure the prevention of network or application downtime as well as protecting organizations from confidential data theft and financial losses.”
The report makes three recommendations for protecting data, apps, cloud services and users: enhancing the privacy of remote workers with a private DoH solution; eliminating cloud service downtime caused by cloud misconfigurations by automating life-cycle management of IP resources; and making DNS the first line of defense to stop the spread of attacks.