DNS attacks have exploded during the pandemic

When you use a satnav system to find a particular location, you start by entering the address — for example, 31 Forester Avenue — and then let whichever mapping app or tool you’re using translate that address into a series of instructions that can get you to wherever you’re heading.

Being able to do this requires the mapping app being capable of reconciling the names of roads and streets with the maps in its database. It means knowing the names of the road you’re on at any given moment, and being able to use this to help you navigate to the right place.

By comparison with real-world navigation, internet users don’t typically think about the navigation process when they go online, precisely because the process is so fast. If you have to wait more than a second to load a page, chances are that you’re already mentally composing the complaint letter to your internet service provider about the speed of their service.

In fact, ensuring that typed web addresses link up with the site the user wants to visit is a more involved process than it might outwardly seem — and, just like a navigation app has to marry its knowledge of road networks with names and addresses, so too does a web browser have to connect the machine-understandable address of a website (such as 186.121.362.230) with human-understandable addresses like Amazon or facebook.

The system that connects these two addresses together so that users can easily navigate the internet is called the Domain Name System (DNS) protocol. Another way to think of it is as an internet version of the phone book: connecting strings of numbers with names so as to connect each party to whoever it is that they desire to “speak” with. Without DNS, the internet would not work anywhere nearly as seamlessly as it does.

Unfortunately, DNS is also the target of attackers seeking to misappropriate it to cause damage online. There are a growing number of attacks involving DNS that can be extremely harmful. To protect against them, users should avail themselves of protective measures such as DNSSEC extensions for verifying that DNS results haven’t been tampered with.

Attacks are ramping up

There are numerous attacks that in some way tie into the DNS protocol. For example, DNS tunnelling attacks use the trustworthy status of DNS traffic as a way to get through both inbound and outbound firewalls to issue instructions to malware or exfiltrate data. Meanwhile, Domain Generation Algorithm (DGA) attacks generate domain names which can then be used to carry out malware attacks in a way that is difficult to circumvent. Still others include Distributed Denial of Service (DDoS) attacks, DNS cache poisoning, DNS hijacking, DNS rebinding attacks, and more. In all cases, the attacks target DNS as a way to inflict as much damage as possible.

Unfortunately, the number of these attacks is ramping up. According to the IDC 2021 Global DNS threat report, a massive 91 percent of financial firms — one of the most at-risk sectors — have been targeted with DNS attacks over the past year, with the most expensive of these costing an average of more than $1 million. These attacks have coincided with the COVID-19 pandemic, with finance firms being hit with 8.3 attacks on average over the past year, with each attack taking upward of six hours to mitigate. Since any business experiencing unwanted downtime is bad news, this is a particularly devastating impact of DNS attacks, especially in an industry like finance where there is so much money at stake.

As it happens, however, the experiences of the financial sector are not particularly unusual. Although finance may be a particular target of cyber attackers, a similar increase in DNS-focused attacks can be seen in just about every industry you look at, making this a problem that needs solving as quickly as possible. The same IDC report noted that, around the world, approximately 87 percent of all organizations have suffered DNS attacks during that same timescale. While those numbers might be somewhat less than the financial sector, it nonetheless highlights how widespread these attacks are.

The importance of DNSSEC

What organizations can’t do is to assume that these attacks are going to go away on their own. Instead, they must make use of the latest cyber security tools to safeguard against attacks. This is where DNSSEC comes into play. Designed to boost DNS security, DNSSEC extensions are capable of verifying and thereby ensuring DNS results haven’t been altered by using digital signature technology. It adds additional security layers which make it considerably tougher for attacks to launch DNS attacks.

The threat of DNS attacks isn’t going away. But by improving your organization’s ability to predict, spot, and protect against such attacks, it’s possible to safeguard against a rapidly growing cyber security threat before it becomes a major problem for you.