Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months.
Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover.
DNS attacks are nothing new, and they tend to fall further down the list of threat concerns. Ransomware, distributed denial-of-service (DDoS) and targeted hacking of accounts have rounded out the top three perceived threats by NISC survey respondents for the six months beginning March 2021. However, DNS attacks appear to be on a gradual upward trajectory.
In its October 2020 survey, NISC found that 47% of respondents felt DNS compromise was an increasing threat; that number has risen slowly but steadily over the past year and now stands at 55% in the latest release.
According to the survey, 92% of organizations report that their website is vital to business continuity and customer fulfilment at some level, with 16% entirely enabled by it. 56% of respondents consider their website as having a major role in day-to-day activity, while only 8% feel they would be able to conduct business without their website up and running.
Organizations poorly prepared to deal with DNS attacks
Despite the clear reliance on a functional website for business continuity, only 31% of survey participants were very confident in their preparedness to deal with a DNS attack that could take their website offline, and 27% were not confident.
“Organizations are challenged to keep pace with emerging security threats in an increasingly borderless digital landscape. Although some attack vectors may not be as visible or pose as imminent a threat as others, it is clear bad actors will exploit any vulnerability they can find sooner rather than later, and they will cost organizations valuable time, resources and business,” said Michael Kaczmarek, VP of product management for Neustar Security Solutions.
“To manage DNS security, organizations need to continuously analyze the DNS traffic leaving their organization, make sure they maintain good hygiene and access controls for DNS related accounts, and, most importantly, implement DNSSEC.”
Cyber criminals appear to be maintaining a diversified approach to their attacks. Although no single vector stands out as a favored method, the prevalence of several tactics gives organizations some insight to where they may need to turn their attention and fortify security protocols. For instance, 47% of respondents experienced DNS hijacking and nearly the same proportion (46%) encountered DNS flood, reflection or amplification attacks that segued into DDoS, a chief security concern. Approximately one-third of participants fell victim to DNS tunnelling (35%) and to cache poisoning (33%).
“DNS attacks may not grab headlines like a big DDoS or ransomware attack does, but the business impact cannot be ignored and their ability to be overlooked makes them that much more dangerous,” continued Kaczmarek. “The latest data indicates that organizations need to remain vigilant, close security gaps, and patrol for potential breaches around the clock.”