The Costs and Damages of DNS Attacks

EfficientIP has announced the findings of its eighth annual Global DNS Threat Report 2022, conducted by IDC, which reveals the detrimental impact of Domain Name System (DNS) attacks on the operations of global organizations over the past 12 month.

The report reveals how, despite 73% of organizations knowing that DNS security is critical to their business, cybercriminals continue to infiltrate the network and cause significant business disruption, causing cloud applications to stop and on-site and data theft.

As enterprises continue to balance supporting remote workers with mitigating network security risks posed by the rise of hybrid work models and reliance on cloud applications, findings show that 88 % of organizations have experienced one or more DNS attacks against their business. Each successful attack costs the company, on average, $942,000.

Securing DNS and ensuring network integrity so that threats are detected and mitigated before they spread is becoming even more critical to ensuring the continuity of business operations, with organizations detailing how they have, on average, been impacted by seven attacks in the last 12 months. .

The impact of a DNS attack

A DNS attack not only causes annoying business interruption, but can also be a costly expense for organizations. Over the past 12 months, APAC has become the region with the highest average cost of a successful attack at $1,036,040, a 14% increase from 2021, while the average cost of a successful attack for EMEA and North America decreased by 4% and 7% respectively.

Malaysia (21%), Germany (18%) and India and the UK (14% each) saw the biggest increase in the cost of an attack, while Spain saw its cost damage fall by almost half (48%) compared to 2021. France and the United States are the only other countries to have recorded a drop in the average cost with respectively 21% and 5%.

Cybercriminals continue to use all available tools to gain access to networks, disrupt business and steal data specifically targeting the hybrid workforce as DNS-based attacks become more prevalent across industries .

Over the past year, 70% of organizations have experienced internal and cloud application downtime, with the average time to mitigate these threats rising to 6 hours and 7 minutes, meaning employees, partners and customers could not access any service. The top five DNS-based attacks experienced by organizations are; phishing (51%), malware (43%), DDoS (30%), DNS tunneling (28%) and credential hijacking/attack (28%).

Jean-Yves Bisiaux, CTO of EfficientIP commented: “Arming the DNS is crucial. DNS is a critical foundation of any organization’s network security strategy, but every year we continue to see the same alarming trends and data, revealing that organizations aren’t taking these risks seriously. At a time when we all expect a hybrid environment to be able to work from anywhere, business leaders should now insist that this environment is secure against hackers who continue to take advantage of this weak point in defenses. DNS doesn’t have to be an organization’s Achilles’ heel; it should be the backbone of a resilient network security strategy designed to keep attackers firmly out.

Maintaining DNS resiliency to secure networks, applications, and data is always available and accessible is essential for businesses that want to maintain their operations and protect their reputation with customers, partners, and employees. With an increased reliance on cloud-based services and applications, the risk of downtime can be even more catastrophic for organizations if taken “offline”.

56% of respondents agree that DNS is an essential part of their cloud strategy, helping to build resiliency and intelligently direct application traffic to ensure availability and improve user experience. In the past year, 44% of organizations have been impacted by a cloud service outage and 27% have suffered a DNS attack that abused cloud misconfiguration. These impacts can be mitigated by using automation as part of the DNS solution to enable provisioning and de-provisioning of IP resources and eliminate the risk of misconfigurations.

Additional key find

  • 43% of organizations do not use a security solution integrated with a DNS server and 62% still do not use self-remediation to ensure the security of services.
  • 24% had intellectual property (IPs) or sensitive data stolen as a result of a DNS attack.
  • 43% of respondents have been victims of ransomware.
  • Despite the risks posed by employees accessing unauthorized cloud applications, 61% did not make shadow IT a priority for their business in 2022. DNS was found to be a primary solution for detecting shadow IT in 51 % of organizations.

“The continued increase in digital transformation projects, which have accelerated significantly over the past two years, as well as the adoption and migration to multi-cloud infrastructures while supporting a growing workforce more remote, have resulted in greater complexity for IT security teams,” says Romain FouchereauResearch Manager European Security at IDC.

“We know that organizations recognize the importance of leveraging DNS capabilities to mitigate attacks, but there are still weak spots in cyber defenses as attackers continue to diversify and deploy new attack techniques to infiltrate. businesses and inflict damage. Effective DNS tools and a proactive security strategy will ensure business continuity and greater agility and visibility when supporting the hybrid workforce.

Previous Wondering how DNS really works? Watch it in action with this free app
Next MITER ATT&CK Spotlight: Understanding the DNS Attack Surface