EfficientIP and IDC report shows DNS attack costs rise and increasingly impacting the cloud.
IDC’s latest 2020 Global DNS Threat Report, for EfficientIp has found, the average number of attacks and the associated costs have remained high, enterprise evolution and awareness of DNS security is growing.
Nearly four out of five organisations (79 per cent) experienced DNS attacks, with the average cost of each attack hovering around $924,000.
The Report showed organisations across all industries suffered an average 9.5 attacks this year. These figures illustrate the pivotal role of the DNS for network security, as threat actors make use of DNS’ dual capacity as either a threat vector or a direct objective. This was 10.73 attacks for Singapore, and India with 12.13 attacks, the highest globally, against 10.44 for Asia as a region.
Among the countries surveyed for cost of attacks, Singapore has ranked in the top three, while Asia as a region has held consistently.
In Asia, cost per attack went down slightly from the previous year, from US$814,000 to US$793,000; while Singapore’s increased from US$924K to US$1.022M.
Attackers appear to increasingly target the Cloud. As the number of business-critical applications hosted in hybrid-cloud environments has increased, so has the attack surface for cybercriminals. The Threat Report shows that cloud service downtime increased from 41 per cent in 2019 to 50 per cent in 2020, a sharp growth of nearly 22 per cent. The increased adoption of cloud services during the global COVID-19 pandemic could make the cloud even more attractive for attackers. 65 per cent of respondents in India experienced cloud service downtime, against the global average of 50 per cent.
In-house app downtime remained extremely high: 62 per cent globally this year compared to 63 per cent last year. with Malaysia standing out in Southeast Asia at 66 per cent.
Romain Fouchereau research manager European Security at IDC said application downtime—whether in-house or in the cloud—remains the most significant result of DNS attacks; of the companies surveyed, 82 per cent said that they had experienced application downtime of some kind. “The Threat Report, now in its sixth year, shows the broad range and changing popularity of attack types,” he said. “Ranging from volumetric to low signal. This year phishing led in popularity (39 per cent of companies experienced phishing attempts), malware-based attacks (21 per cent), and traditional DDoS (27 per cent).
According to Fouchereau the size of DDoS attacks is also increasing, with almost two-thirds (64 per cent) being over 5Gbit/s.
In terms of having sensitive customer information stolen, Singapore scored the highest globally at 30 per cent, outpacing India (27 per cent) and Asia (25 per cent), as well as the global average of 16 per cent.
Despite these worrying numbers, enterprise awareness of how to combat these attacks is improving: 77 per cent of respondents in the 2020 Threat Report deemed DNS security a critical component of their network architecture, compared to 64 per cent in the previous year. Additionally, use of Zero Trust strategies is maturing: 31 per cent of companies are now running or piloting Zero Trust, up from 17 per cent last year. Use of predictive analytics has increased from 45 per cent to 55 per cent.
“Recognition of DNS security criticality has increased to 77 per cent as most organisations are now impacted by a DNS attack or vulnerability of some sort on a regular basis,” he said. “The consequences of such attacks can be very damaging financially, but also have a direct impact on the ability to conduct business. Ensuring DNS service availability and integrity must become a priority for any organisation.”
DNS offers valuable information against would-be hackers that is currently going underutilised. According to results from the 2020 Threat Report, currently 25 per cent of companies perform no analytics on their DNS traffic (compared to 30 per cent last year). 35 per cent of organisations do not make use of internal DNS traffic for filtering, and only 12 per cent collect DNS logs and correlate through machine learning.
There are several ways that companies can make better use of DNS with threat intelligence and User Behavioural Analytics, to enhance attack protection capacity, the report showed.
A DNS security solution can feed security and event management (SIEM) and SOCs with actionable data & events, thus simplifying and accelerating detection, and remediation.
“Of companies surveyed, 29 per cent used SIEM software to detect compromised devices, and 33 per cent of companies passed DNS information to SIEM for analysis (up from 22 per cent in 2019),” stated the report.
