DNS attacks putting organizations at risk, survey finds

More than 75 percent of organizations in the U.S. and U.K. have experienced at least one DNS attack, and 66 percent of organizations in the U.S. experienced a DNS attack within the last 12 months, according to new research undertaken by Vanson Bourne and commissioned by Cloudmark.

The DNS Security Survey is based on interviews with 300 IT decision-makers – 200 in the U.S. and 100 in the U.K. – who work for organizations with at least 1,000 employees in the financial services, IT, manufacturing and production, and retail, distribution and transport sectors.

Of those that experienced at least one DNS attack, 74 percent of respondents stated that their organization has been affected by a distributed denial-of-service (DDoS) attack aimed at causing an internet outage or service disruption, according to findings emailed to SCMagazine.com.

In a Tuesday email correspondence, Tom Landesman, a security researcher with Cloudmark, told SCMagazine.com that attackers are able to launch DDoS attacks through DNS amplification and resource exhaustion.

“They set up a malicious domain with very large resource records with the goal of executing a DNS amplification attack,” Landesman said. “Once the malicious domain is created, queries going to open DNS resolvers with a spoofed IP are directed to a spoofed IP address of target servers causing a DDoS attack.”

Landesman said DDoS attacks are likely the number one DNS attack because of the minimal effort and resources required on the attacker's end. He added that DDoS attacks create a scenario where the organization is focused on mitigation, while malware infections and data theft may be happening elsewhere on the network.

Of other types of DNS attacks, 46 percent of respondents said their organization experienced DNS exfiltration, or leaking data out via DNS; 45 percent said DNS tunneling, or using DNS to bypass network access or security controls, to create reverse tunnels allowing infiltration, or to bypass Wi-Fi billing; and 33 percent said DNS hijacking, or attempts to reroute DNS traffic to malicious domains or phishing sites.

As a result of DNS attacks, 63 percent of organizations experienced lost internet, 42 percent experienced more customer complaints, 34 percent experienced lost business-critical data and confidential customer information, and 30 percent experienced lost revenue.

Although respondents pointed to customer retention and brand reputation as the biggest concerns following a DNS attack, remediation and operational costs were also considered a burden. Landesman said that the strain DNS attacks put on an organization's infrastructure and resources can lead to lost revenue.

“Cybercriminals are able also to bypass Wi-Fi payments, as well as tunnel subscriber traffic through DNS to avoid roaming fees,” Landesman said. “Telecommunication providers may face revenue loss in the millions of dollars as a result.”

Nearly 70 percent of respondents said their organization has a DNS security solution implemented to protect against DNS attacks. 

“It's critical that organizations incorporate DNS protection into their overall security strategy,” Landesman said. “Just as all organizations have addressed traditional internet vulnerabilities with firewalls and anti-virus solutions, it is important that they protect their DNS infrastructure with a flexible, comprehensive solution that can stay ahead of the bad guys.”

The retail, distribution and transport sector experienced the most DNS attacks, with 74 percent of respondents stating that their organization had experienced a DNS attack within the last 12 months.
