Globally, 87 per cent of organisations experienced DNS attacks, with the average cost of each attack around $950,000.
EfficientIP, in collaboration with IDC, announced the results of its 2021 Global DNS Threat report. As per the report, organisations across all industries suffered an average of 7.6 attacks this past year.
The report focuses on the different types of DNS attacks that organisations faced, and the costs associated with them, over the previous year during the COVID-19 pandemic. With enterprise boundaries blurring, organisations have added a focus on securing remote workers as well as their on-premises and cloud infrastructure.
“This year’s 2021 DNS Security Survey confirms that nearly all companies have had their apps and services disrupted by DNS attacks. To meet zero-trust objectives via network segmentation and application access control, the key role of DNS for visibility over client behaviour and granular filtering is becoming recognised as vital for preventing the spread of attacks as early as possible in the traffic flow,” said Jean-Yves Bisiaux, CTO, EfficientIP.
The report further pointed out that Asia recorded an increase of 15 per cent in such attacks, incurring a cost of $908,140 over the past year, up from $792,840 the previous year.
In Asia, India recorded the highest number of DNS attacks, at more than 10. Countries that saw a significant increase in damages included Malaysia, with the sharpest increase at 78 per cent, as well as India, Spain and France, which saw increases of 32, 36 and 25 per cent respectively.
Although DNS security is established as a critical component of the overall security strategy, and almost all (99 per cent) organisations say they have some form of security for DNS in place, many do not benefit from the advantages of purpose-built DNS security (business continuity, data protection, user protection).
42 per cent are using auto-remediation versus only 25 per cent last year. 42 per cent are not yet using a dedicated DNS security solution to help them fill the potential vulnerability gaps left by traditional network security products, the report added.
“Work, commerce, entertainment, social interactions of modern society have shifted to virtual platforms as people sought to maintain connection despite a pressing need to remain physically distant. This resulted in an increased demand for e-learning, telemedicine, robotics, composite artificial intelligence (AI), augmented reality (AR) and virtual reality (VR) scenarios, intelligent chatbots, digital payments, virtual retail experiences, the list goes on.
The governments and businesses globally adopted hybrid and multi-cloud based digital platforms and solutions taking into consideration flexible computing power, high availability, disaster recovery, lower cost for backup and disaster recovery, resilient core for business process and business continuity, legacy skill risk, remote workforce management, safe return to the workplace, and business agility with a focus for resilient business functions,” said Sujit Christy, CISO, John Keells Holdings PLC.
He further added that this digital transformation diminished the traditional network perimeter. The dangers are hidden in applications, websites, and even Word and PDF documents. Phishing emails are hard to spot as fakes by the users. Several newly created domains are used for malware, phishing and ransomware attacks.
Connections to such malicious sites have to be detected and blocked proactively. The challenge is to ensure that the users do not unintentionally click on malicious links and attachments which are just one click away from a major security breach.
The IP-based security controls deployed to protect the trusted network segments are becoming ineffective as the malicious actors target the unsafe DNS connections to penetrate the networks.
Organisations that do not include DNS security as part of their extended enterprise security strategy are more vulnerable to privacy issues. DNS security can not only protect their remote users but also data and application traffic to ensure safe and secure online activities, the report pointed out.
“To improve their overall security posture, organisations should better leverage the extensive insights provided by DNS to feed actionable threat intelligence data to the whole security ecosystem,” said Romain Fouchereau, Research Manager, IDC.
Zero Trust Architecture framework
Sujit Christy further pointed out that organisations are adopting a Zero Trust Architecture (ZTA) framework to ensure that the trust is assessed at the time of network connectivity, with an identity and context-based logical access boundary by removing any notion of implicit trust based on a location or IP address.
The security design of the network architecture should include DNS security. Further, organisations should monitor and analyse DNS traffic to identify user behaviours and profile devices, to enhance threat intelligence and to filter the domains allowed to be accessed. Hence, DNS monitoring and traffic analysis is the most effective way to protect data confidentiality on the network layer and help detect data exfiltration. This is also an efficient way of closing back doors to data theft and combating ransomware.
Organisations should take care to integrate data from multiple sources, including DNS traffic, and apply the insights across complex hybrid and multi-cloud environments. DNS security data should feed the SIEM, and the SOC should have actionable data and events to help forensic examination and to simplify and accelerate detection and remediation. This should help reduce alert and breach fatigue.
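As an added illustration of the DNS traffic analysis and SIEM feed described above (not code from the report or from EfficientIP), the sketch below groups query-log lines by client and parent domain and flags pairs that send many long, high-entropy subdomain labels, a common sign of data exfiltration over DNS. The log format, thresholds, rule name and `.example` domains are assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, one query per line: timestamp client qname qtype.
# All names sit under the reserved .example TLD; none are real indicators.
SAMPLE_LOG = """\
2021-06-01T10:00:01Z 10.0.0.5 www.shop.example A
2021-06-01T10:00:02Z 10.0.0.5 mail.shop.example A
2021-06-01T10:00:03Z 10.0.0.5 api.shop.example A
2021-06-01T10:00:04Z 10.0.0.5 cdn.shop.example A
2021-06-01T10:00:05Z 10.0.0.7 d1a9f40c7e3b6285d1a9f40c7e3b6285.cdn.example A
2021-06-01T10:00:06Z 10.0.0.9 3f9a1c7e5b2d8046af13c9e07b52d864.tunnel.example TXT
2021-06-01T10:00:07Z 10.0.0.9 c40e8a6271d5b9f39b3d5f7102e6a8c4.tunnel.example TXT
2021-06-01T10:00:08Z 10.0.0.9 7d2b9e4f1a6c3850e58c0a1f6b2d9473.tunnel.example TXT
2021-06-01T10:00:09Z 10.0.0.9 0b6e1f8d3a7c2594d1a9f40c7e3b6285.tunnel.example TXT
"""

def entropy(label):
    """Shannon entropy of a label in bits per character."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def split_name(qname):
    # Simplification (assumption): the last two labels are the registered
    # domain. Production code should consult the Public Suffix List.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def detect_exfil(log_text, min_unique=4, min_avg_len=24, min_entropy=3.5):
    """Return one SIEM-ready event per (client, domain) that looks like tunnelling."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than stop the pipeline
        _, client, qname, _ = fields
        domain, sub = split_name(qname)
        if sub:
            seen[(client, domain)].add(sub)
    events = []
    for (client, domain), subs in sorted(seen.items()):
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(entropy(s) for s in subs) / len(subs)
        # All three signals must agree, so many short hostnames do not alert.
        if len(subs) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            events.append({"rule": "dns_exfil_suspected", "client": client,
                           "domain": domain, "unique_subdomains": len(subs),
                           "avg_label_len": round(avg_len, 1),
                           "avg_entropy": round(avg_ent, 2)})
    return events
```

Each returned dictionary can be serialised as one JSON line for SIEM ingestion; the thresholds need tuning against a baseline of the organisation's own DNS traffic.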
No data traffic should be trusted and the DNS traffic should be the first line of defense. DNS traffic should be verified at all times to ensure an effective Zero Trust Architecture.