The COVID-19 pandemic caused a huge shift in the way people work, and organisations had to adapt quickly. It rapidly increased cloud usage and as the number of people remote working increase, the attack surface has increased considerably as well.
As a result, organisations have suffered more diverse types of attacks than ever before, according to EfficientIP’s 2021 Global DNS threat report. It found that cybercriminals are using all the tools at their disposal to exploit both the domain name systems (DNS) protocol and misconfigurations.
The report found that in 2021, 87% of organisations experienced an attack, up from 79% the previous year. The industry worst effected was telecommunications, it was the most targeted industry, averaging 8.6 attacks per telco, had the highest customer information stolen via DNS at 29% and 31% suffered brand damage.
What impact do these attacks have on businesses?
The impact and cost of attacks remain extremely high and continue to increase year over year. This not only affects company finances but also brand image and data confidentiality. With the pandemic, ransomware has increased to become an industry in its own right and a major concern for most organisations. Using DNS filtering and blocking is critical as it can help to stop ransomware attacks right after the infection, when the malware tries to contact command and control (C&C).
Relying on the DNS service of the cloud providers is complex when starting multicloud and this requires continuous (at times manual) updates and monitoring. 52% view DNS as a critical component of their overall cloud strategy, 46% suffered cloud downtime as a result of a DNS attack and 23% suffered a DNS attack abusing cloud misconfiguration.
According to the Cloud Security Alliance, in its State of Cloud Security 2020 Report, cloud misconfiguration remains the top cause of data breaches in the cloud.
“Misconfigurations and oversights in cloud environments can cause severe damage. Forgotten VM IP addresses in the cloud, for example, can leave the door open for DNS attacks, which tend to target organisations with large and complex infrastructures. Using a dedicated DDI (DNS-DHCP-IPAM) solution will help eliminate the risk of misconfiguration, particularly if automation is included,” the report stated.
Although DNS security is established as a critical component of the overall security strategy, and almost all (99%) organisations have a solution in place, 42% are not using a dedicated DNS security solution to help them fill the potential vulnerability gaps left by traditional network security products.
“This year’s 2021 DNS Security Survey confirms that nearly all companies have had their apps and services disrupted by DNS attacks. With enterprise boundaries blurring, organisations have added a focus on securing remote workers as well as their on-premises and cloud infrastructure. To meet zero-trust objectives via network segmentation and application access control, the key role of DNS for visibility over client behaviour and granular filtering is becoming recognised as vital for preventing the spread of attacks as early as possible in the traffic flow.” said Jean-Yves Bisiaux, CTO, EfficientIP.