The Domain Name System (DNS) that translates the names of Web sites into numerical IP addresses works so well that most people either don’t realize it exists or have simply forgotten about it. But a new 2018 Global DNS Threat Report from EfficientIP, a provider of DNS security services, makes it clear DNS servers are now a primary attack vector for cybercriminals.
The report finds more than three-quarters (77%) of the organizations surveyed were subject to a DNS attack in 2018. The global average cost per DNS attack increased by 57% year-on-year, standing at $715,000. On average, organizations in the U.S. cited costs of $654,000 per attack, an 82 percent rise. Organizations in France experienced the highest costs at $974,000. But as far as Europe is concerned, organizations in the United Kingdom saw the highest year-on-year increase in cost per DNS attack at 105 percent. In Asia-Pacific, Singapore had the highest cost at $710,000 per attack as well as the highest cost increase at 85 percent.
The five most popular DNS-based attacks in 2018 are DNS-based malware and phishing at 36 percent each, followed by DDoS attacks (20%), Lock-up Domain attacks (20%) and DNS Tunneling (20%).
The report finds overall 40 percent of organizations suffered cloud outages because of these attacks, while one-third (33%) said they were victims of data theft. One-in-five (22%) businesses attribute lost business to DNS attacks.
The biggest issue most organizations wrestle with when it comes to securing DNS is finding a way to accomplish that goal without impacting application performance. For example, protocols such as DNSSEC that encrypt traffic have been around for years. But application performance, along with the complexity associated with managing DNSSEC, has conspired to limit adoption.
The DNS protocol itself harkens back to the earliest days of the Internet when cybersecurity wasn’t perceived to be much of a concern. But now cybercriminals regularly try to either hijack domain names or cripple Web sites by launching massive volumes of DNS queries as part of a DDoS attack. Sometimes that DDoS attack is even meant to distract cybersecurity professionals while attacks against other weak points get launched.
To make matters a little more complicated, the U.S. ceded DNS control to the independent Internet Corporation for Assigned Names and Numbers (ICANN) in October 2016. Now Brazil, Russia, India, China and South Africa are working to develop a separate name service system that is expected to be implemented to some degree later this year. The countries involved want to be able to have more control over Web traffic as it moves within their territory. Organizations may soon find themselves trying to secure different types of name servers around the globe. In fact, what is known as the Internet may soon break up into a series of Internets connected by heavily controlled interconnects and gateways.
Arguably, the best defense against DNS attacks is going to be a cloud service that can either reroute DNS requests or serve as a backup alternative to an on-premises server. Whatever the path chosen, DNS servers clearly need to be a much bigger focus of every cybersecurity defense plan.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.