Ever since the pandemic hit, the global threat landscape grew more vulnerable, with a wider impact on the cybersecurity community. And this is just the beginning. According to the 2021 Global DNS Threat Report from network security automation solutions provider EfficientIF, nearly 90% of organizations have suffered a Domain Name System (DNS) attack last year. Cybercriminals are leveraging multiple hacking techniques to pilfer sensitive digital assets, and one of them is DNS attacks.
What is a DNS Attack?
DNS is a protocol that translates a domain name into an IP address. In a DNS attack, adversaries exploit vulnerabilities in the domain name system to obtain access to targeted devices. They also pharm and phish users to generate revenue and steal critical data. DNS is leveraged to launch attacks in multiple ways, including DNS reflection attacks, DoS, DDoS, and DNS poisoning.
“This past year of the pandemic has shown us that DNS must play a role in an effective security system. As workers look to more permanently transition to off-premises sites, making use of cloud, IoT, edge, and 5G, companies and telecom providers should look to DNS for a proactive security strategy. This will ensure the prevention of network or application downtime as well as protecting organizations from confidential data theft and financial losses,” said Ronan David, VP of Strategy for EfficientIP.
Key Findings
- Malaysia experienced the highest increase of 78% in the cost per attack, with an average cost per attack of $787, 200. The two countries among the top three are India and Spain.
- In Asia, while India experienced an increase of 32%, Singapore’s damages declined by 12%, against the regional average increase of 15%.
- Asia experienced a sharp rise in damages of $908,140, compared to last year’s $792,840. The countries that saw average damages above $1,000, 000 were India, France, and Germany.
- 26% of organizations reported sensitive customer information being stolen, compared to 16% in 2020.
- Phishing also continued to grow, with 49% of companies experiencing phishing attempts. In the Asia Pacific, the phishing rate was as high as 46%, with nearly half experiencing a phishing attack included India, Singapore, and Malaysia the most-experienced type of attack including malware-based attack, domain hijacking, cloud misconfiguration abuse, tunneling, and zero-day vulnerability.
The Impact of DNS Attacks
The report revealed that downtime of in-house and cloud applications remains the major impact of DNS attacks, indicating how critical DNS is to ensure resilience and to secure access between users and applications.
“The impact and cost of attacks remain extremely high and continue to increase year over year. This not only affects company finances but also brand image and data confidentiality. With the pandemic, ransomware has increased to become an industry in its own right and a major concern for most organizations. Using DNS filtering and blocking is critical as it can help to stop ransomware attacks right after the infection when the malware tries to contact command and control,” the report stated.