Just over three-quarters of cybersecurity professionals have said they expect to see an increase in DNS-related security threats over the next few weeks.
In preparation, three in five (59%) have altered their DNS security methods in the run up to the holiday season, according to a new report from the Neustar International Security Council (NISC).
However, 29% have reservations around their ability to respond to DNS attacks, likely attributed to the shifting and complex DNS threat landscape, as some users admitted to having been hit by at least one DNS attack in the past year, including DNS spoofing/cache poisoning (28%), DNS tunneling (16%) and zombie domain attacks (15%).
“Acting as the internet’s address book and backbone of today’s digital services, it’s unsurprising that DNS is an increasingly appealing vector for malicious actors, particularly as more consumers turn to websites during peak online shopping periods,” said Rodney Joffe, chairman of NISC, SVP and fellow, Neustar.
“When successful, DNS attacks can have damaging repercussions to an organization’s online presence, brand and reputation. A domain hijacking attack, for example, can result in hackers taking control of a company’s domain and using it to host malware or launch phishing campaigns that evade spam filters and other reputational protections. In a worst-case scenario, this type of attack can even lead to an organization losing its domain altogether.”
In an email to Infosecurity, Jack Mannino, CEO at nVisium, flagged the threat of DNS tunneling as being a popular exfiltration technique “because DNS is frequently allowed for egress traffic.”
Mannino said: “Understanding your DNS traffic and having visibility into attacks is important because many command and control systems use DNS for this purpose, and attackers can exfiltrate data over the protocol through attacks like SQL injection as well, evading firewalls and filtering appliances.”
During September and October 2020, DDoS (22%) was ranked as the greatest concern for security professionals, followed by system compromise (19%) and ransomware (17%). During this period, organizations have focused most on increasing their ability to respond to vendor or customer impersonation (58%), targeted hacking (54%) and IP address hacking (52%).
Joffe said it was positive that organizations are aware of the severity of DNS attacks, but it is also important that they continue to take proactive steps to protect themselves and their customers against the different threats.
“This should involve regular DNS audits and constant monitoring to ensure a thorough understanding of all DNS traffic and activity,” he said.
“Crucially, DNS data can also provide organizations with timely, actionable and important threat insights, allowing them to not only protect against DNS-related threats, but also mitigate the vast majority of malware, viruses and suspicious content before critical systems are infiltrated.”
Dan Raywood, Deputy Editor, Infosecurity Magazine