According to new research, cyber-attacks using DNS channels to steal data, DDoS victims, and deploy malware have grown in volume and cost throughout the pandemic.
EfficientIP’s 2021 Global DNS Threat Report was compiled by IDC from interviews with 1,114 organizations across the world about their experiences of last year.
It found that 87% of organizations suffered one or more DNS attacks in 2020, up eight percentage points from 2019. On average, victims were hit 7.6 times at a cost of $950,000 per attack.
The most common forms of attack were DNS phishing (49%), DNS-based malware (38%), DDoS (29%), DNS hijacking (27%), DNS tunnelling for command and control (24%), zero-day bugs (23%) and cloud misconfiguration abuse (23%).
Phishing appears to have been particularly popular due to the large number of potentially at-risk remote workers.
These attacks frequently led to cloud service and in-house app downtime, compromised websites, brand damage, lost business and sensitive data theft, the report claimed.
Threat actors often use DNS as it is always on, with traffic whitelisted by most firewalls. That opens up opportunities to hide malware or stolen data in DNS channels, among other things.
However, given its ubiquity, DNS can also play an essential role in securing organizations — especially protecting remote workers and data and application traffic, EfficientIP said.
Half of those surveyed said they use DNS traffic analysis to detect compromised devices, and a quarter (27%) send DNS traffic logs to SIEM platforms for analysis.
“While it is positive that companies want to use DNS to protect their increasingly remote workforces, organizations are continuing to suffer the costly impacts of DNS attacks,” said Romain Fouchereau, research manager for European security at IDC.
“As threat actors seek to diversify their toolkits, businesses must continue to be aware of the variety of threats posed, ensuring DNS security is a key priority to preventing these.”