Domain Name System Is a Target for Hackers
-
Domain Name System Is a Target for Hackers
Today's security solutions have not been designed to protect the Domain Name System (DNS) properly, resulting in data loss, downtime and brand damage. -
Security Not Good Enough
Today's security solutions have not been designed to protect the Domain Name System (DNS) properly, and 49% of businesses are not even aware of DNS-based malware. -
Growing Awareness
41% of businesses are aware of DNS DDoS attacks, up from 38% last year. 38% know about data exfiltration through DNS, up significantly from 24% in 2016. 26% are aware of DNS zero-day vulnerabilities, up from 24% last year. -
Volumetric Attacks
DNS DDoS attacks flood the network with vast amounts of traffic. Most DNS servers can handle 300,000 queries per second, but 88% of DNS DDoS attacks are more than 1 million QPS (1GB per second). -
Inadequate Patching
Zero-Day attacks take advantage of DNS security holes for which no patch has been applied. Although 11 critical patches have been released under Bind technology in 2016, 83% of organizations have applied fewer than 7 patches. -
Data Exfiltration
Firewalls, intrusion detection systems and secure web gateways do not perform complete DNS transaction analyses and are unable to detect exfiltrated data. This year, 28% of respondents who were attacked had sensitive data stolen. -
Cost of Attack
No sector is safe. Looking at the average cost of a single attack, the highest was for communications organizations ($622,000), followed by financial services ($588,000). The lowest was for healthcare organizations ($282,000). -
Time to Mitigate
On average, it takes more than five hours to mitigate a DNS attack. 45% of respondents spent more than half a day resolving an attack. -
Damage from DNS Attacks in 2017 vs. 2016
In-house app downtime: 37% in 2017 vs. 40% in 2016. Compromised website: 36% vs. 27%. Brand damage: 20% vs. 12.3%. Loss of business: 20% vs. 20.5%. Sensitive customer data stolen: 18% vs. 9.5%. Intellectual property stolen: 14% vs. 14.5%. -
Midsize Companies Hit Hardest
Midsize organizations with 5,000 to 9,999 employees were most affected by DNS attacks. 34% reported costs between $0.5 million to $5 million. -
Small Firms Less Likely to Recover
DNS attacks can cost a lot more for large organizations, but they usually recover, whereas smaller organizations find it much harder to recuperate financially.
The mission-critical Domain Name System (DNS) is increasingly a target of more creative cyber- attacks designed to cause downtime or damage, according to a new study. Attackers use the DNS to exfiltrate data or launch distributed-denial-of-service attacks, according to the 2017 "Global DNS Threat Survey," conducted by Coleman Parkes for EfficientIP. DDoS attacks are the second highest DNS-related attack type (32 percent) after malware (35 percent). In third place is Cache Poisoning (23 percent), followed by DNS Tunneling (22 percent) and Zero-Day exploits (19 percent). Yearly average costs of damages caused by DNS attacks are $2.2 million, and 76 percent of organizations have been victimized during the past 12 months (up 2 percent since last year), the report revealed. "Organizations must ensure they have the right solution in place to prevent business damage, such as a loss of sensitive information, downtime or compromised public image," said David Williamson, CEO of EfficientIP. The survey included 1,000 respondents, including 300 from North America, 400 from Europe and 300 from APAC. The survey's goal was to examine the technical and behavioral causes for the rise in DNS threats and the potential business effects, and to suggest straightforward, rapid remedies.