Domain Name System Is a Target for Hackers

Domain Name System Is a Target for Hackers

Domain Name System Is a Target for HackersDomain Name System Is a Target for Hackers

Today’s security solutions have not been designed to protect the Domain Name System (DNS) properly, resulting in data loss, downtime and brand damage.

Security Not Good EnoughSecurity Not Good Enough

Today’s security solutions have not been designed to protect the Domain Name System (DNS) properly, and 49% of businesses are not even aware of DNS-based malware.

Growing AwarenessGrowing Awareness

41% of businesses are aware of DNS DDoS attacks, up from 38% last year.
38% know about data exfiltration through DNS, up significantly from 24% in 2016.
26% are aware of DNS zero-day vulnerabilities, up from 24% last year.

Volumetric AttacksVolumetric Attacks

DNS DDoS attacks flood the network with vast amounts of traffic. Most DNS servers can handle 300,000 queries per second, but 88% of DNS DDoS attacks are more than 1 million QPS (1GB per second).

Inadequate PatchingInadequate Patching

Zero-Day attacks take advantage of DNS security holes for which no patch has been applied. Although 11 critical patches have been released under Bind technology in 2016, 83% of organizations have applied fewer than 7 patches.

Data ExfiltrationData Exfiltration

Firewalls, intrusion detection systems and secure web gateways do not perform complete DNS transaction analyses and are unable to detect exfiltrated data. This year, 28% of respondents who were attacked had sensitive data stolen.

Cost of AttackCost of Attack

No sector is safe. Looking at the average cost of a single attack, the highest was for communications organizations ($622,000), followed by financial services ($588,000). The lowest was for healthcare organizations ($282,000).

Time to MitigateTime to Mitigate

On average, it takes more than five hours to mitigate a DNS attack. 45% of respondents spent more than half a day resolving an attack.

Damage from DNS Attacks in 2017 vs. 2016Damage from DNS Attacks in 2017 vs. 2016

In-house app downtime: 37% in 2017 vs. 40% in 2016.
Compromised website: 36% vs. 27%.
Brand damage: 20% vs. 12.3%.
Loss of business: 20% vs. 20.5%.
Sensitive customer data stolen: 18% vs. 9.5%.
Intellectual property stolen: 14% vs. 14.5%.

Midsize Companies Hit HardestMidsize Companies Hit Hardest

Midsize organizations with 5,000 to 9,999 employees were most affected by DNS attacks. 34% reported costs between $0.5 million to $5 million.

Small Firms Less Likely to RecoverSmall Firms Less Likely to Recover

DNS attacks can cost a lot more for large organizations, but they usually recover, whereas smaller organizations find it much harder to recuperate financially.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Latest Articles