The importance of having security measures to reduce or even prevent DNS attacks is absolutely imperative. DNSEC and multi-factor authentication are key to this.
DNS attacks are impacting companies at significant rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of respondents reported experiencing a DNS attack within the last 12 months.
Among those effected, 61% have seen numerous attacks and 11% said they have been targeted regularly. While one-third of respondents recovered within minutes, 58% saw their businesses impeded for more than an hour, and 14% took several hours to recover.
DNS attacks have been happening for many years and it is nothing new, and they tend to fall further down the list of threats. Ransomware, distributed denial-of-service (DDoS) and targeted hacking of accounts have rounded out the top three perceived threats by NISC survey respondents for the six months beginning March 2021. Nevertheless, DNS attacks appear to be on a gradual upward path.
It is also reported that cyber criminals appear to be maintaining an adapted approach to their attacks. Although no single means stands out as a favoured method, the prevalence of several tactics gives companies some insight to where they may need to turn their attention and fortify security protocols. Recent industry trends indicate that organisations need to remain vigilant, close security gaps, and monitor for potential breaches constantly. Companies need to continuously analyze the DNS traffic leaving their organization, making sure that they maintain good processes and access controls for DNS related accounts, and, most critically, implement DNSSEC.
There a number of types of DNS attacks that organisations should be aware of, and these are just some examples:
- DDoS Attacks – This type of attack has multiple computers and internet connections that target a site. DDoS attacks can add compromised computers to a botnet that runs malicious queries in the background. Attackers can control the power of devices from around the world to query the target all at once. This type of attack overwhelms the domain/website, and eventually causes the website to crash or not respond.
- Malware installation – This is done by hijacking DNS queries and responding with malicious IP addresses. The goal of malware installation can also be achieved by directing requests to phishing domains that appear to be exact matches or confusingly similar to a well-known brand or company name.
- DNS Tunnelling – This type of attack uses encoded data from other applications inside DNS responses and queries. This attack is used to bypass network controls and is mainly used to perform remote attacks.
Implementing DNSSEC and maintaining a frequent and solid process for access controls for DNS related accounts is absolutely imperative, and using two-factor authentication is a must. Also, auditing your DNS zones is an important measure. Ensuring that test domain names or sub-domains do not have outdated software which could vulnerable to attack.
Hackers will always try to target your public company services, researching to find weaknesses inside your Domain Name System. Having a solid DNS control policy will help to mitigate most of the attacks described above. Start auditing your DNS zones today as the first step in order to secure your DNS servers, and reduce your DNS public information as much as possible.
