As businesses work to keep up with a changing landscape as far as cybersecurity and relevant threats, there’s one major area of weakness that continues to be overlooked. The Domain Name System or DNS is one of the most important parts of an IT network and infrastructure, and it’s the main target for hackers.
According to the Global DNS Threat Report, conducted by Efficient IP, the average cost of a DNS attack in the U.S. is around $127 million.
Based on data from the same survey, nearly half lose more than $500,000 in these types of attacks, and almost 10% lose more than five million.
In February of 2019, the Department of Homeland Security issued an Emergency Directive that advised businesses in the U.S. take steps to protect themselves against DNS hijacking. That directive highlighted the fact that Cisco and FireEye both found evidence of DNS attacks recently.
The following provides more understanding of why DNS security is important, and other things organizations and businesses should know.
What is DNS?
If you’re unsure of exactly what’s meant by DNS, learning more and gaining an overview is a good place to start.
The Domain Name System is how hostnames are resolved into IP addresses. It’s one of the most widely used internet services, and the system was created at the beginning of the 1980s.
What the DNS does is take domains that we read and converts them into an IP address to connect to, so as people using the internet we don’t have to remember numbers. Instead, we can use domain names.
Many individuals and organizations will use a DNS server that’s provided by their internet service provider, but there are other options such as a secured, paid DNS server.
One reason DNS security is so important is that if there is a breach, it can have a ripple effect across an organization. For example, based on the information from Efficient IP, the majority of U.S. organizations experiencing a DNS breach find that it takes more a day to resolve the issue.
That means in-house applications can be significantly affected, making it impossible to conduct transactions during that period of time. In 41% of situations in the U.S., cloud services became unavailable as a result of these attacks, and in 44% of cases, the attacks compromised the website of the company.
Certain Industries Can Be More Heavily Impacted Than Others
While any industry or a business of any size or type can be affected by a DNS breach, some industries are more seriously impacted than others.
For example, retail, healthcare, and financial services are among the most affected sectors. This is because of the sheer amount of customer data these kinds of organizations have stored.
What Are the Types of DNS Attacks?
There are certain types of DNS attacks that are fairly common and worth knowing about individually. These include:
- DNS Hijacking: This was touched on with the Homeland Security directive. With DNS hijacking, the cybercriminal uses malware or makes an unauthorized change to the DNS server, so that when someone tries to go to a website, they are diverted to a malicious site or server. Then, once someone unknowingly visits the malicious site, it can be used as a way to either spread malware or gather personal data.
- DNS Spoofing/DNS cache poisoning: In these attacks, a hacker will use forged DNS data. The resolver returns the wrong IP address for a domain, and again, someone trying to visit your website is taken to a malicious site.
- DNS Tunneling: In this type of attack, a hacker encodes data from other programs into DNS queries and uses that to add data payload to DNS. What ultimately happens is that the hacker can take over control of data exfiltration.
- Phantom Domain Attack: In this type of DNS attack, a hacker creates phantom domain servers. These servers don’t respond, or they may be slow to respond. Then, the resolver gets a rush of requests to the domains set up by the hacker. The resolver has to wait for responses, which slows performance, and then there’s a service denial.
It’s important for organizations and businesses to know that having perimeter network security isn’t enough. Both internal and external threats exist as far as DNS security, and to properly combat these threats, it’s a good idea to use automation as part of a network security policy. Automation allows businesses to stay up-to-date on constantly changing threats.