Domain name system (DNS) attacks are impacting organisations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimised regularly. While one-third of respondents recovered within minutes, 58% saw their businesses disrupted for more than an hour, and 14% took several hours to recover.
DNS attacks are nothing new, and they tend to fall further down the list of threat concerns. Ransomware, distributed denial-of-service (DDoS) and targeted hacking of accounts have rounded out the top three perceived threats by NISC survey respondents for the six months beginning March 2021. However, DNS attacks appear to be on a gradual upward trajectory. In its October 2020 survey, NISC found that 47% of respondents felt DNS compromise was an increasing threat; that number has risen slowly but steadily over the past year and now stands at 55% in the latest release.
According to the NISC survey, 92% of organisations report that their website is vital to business continuity and customer fulfilment at some level, with 16% entirely enabled by it. More than half of respondents (56%) consider their website as having a major role in day-to-day activity, while only 8% feel they would be able to conduct business without their website up and running. Despite the clear reliance on a functional website for business continuity, only three in ten (31%) survey participants were very confident in their preparedness to deal with a DNS attack that could take their website offline, and more than a quarter (27%) were not confident.
“Organisations are challenged to keep pace with emerging security threats in an increasingly borderless digital landscape. Although some attack vectors may not be as visible or pose as imminent a threat as others, it is clear bad actors will exploit any vulnerability they can find sooner rather than later, and they will cost organisations valuable time, resources and business,” said Michael Kaczmarek, vice president of product management for Neustar Security Solutions. “To manage DNS security, organisations need to continuously analyse the DNS traffic leaving their organisation, make sure they maintain good hygiene and access controls for DNS related accounts, and, most importantly, implement DNSSEC.”
Cyber criminals appear to be maintaining a diversified approach to their attacks. Although no single vector stands out as a favoured method, the prevalence of several tactics gives organisations some insight to where they may need to turn their attention and fortify security protocols. For instance, nearly half of respondents (47%) experienced DNS hijacking and nearly the same proportion (46%) encountered DNS flood, reflection or amplification attacks that segued into DDoS, a chief security concern. Approximately one-third of participants fell victim to DNS tunnelling (35%) and to cache poisoning (33%).
“DNS attacks may not grab headlines like a big DDoS or ransomware attack does, but the business impact cannot be ignored and their ability to be overlooked makes them that much more dangerous,” continued Kaczmarek. “The latest data indicates that organisations need to remain vigilant, close security gaps, and patrol for potential breaches around the clock.”