Terry Young, Director of Service Provider Product Marketing, A10 Networks explores the most pressing attack vector for organisations to be aware of in the coming months.
The world of IT security has become more sophisticated and complex; as threats have grown exponentially, they have also become more blended, obscure, and harder to remediate. Today, most organisations have experienced some kind of attack, with many experiencing multiple attacks, and it is no longer a matter of if, but when, an attack will take place.
The growth of cybercrime-as-a-service, especially DDoS-as-a-service, has enabled criminals to purchase or rent tools and services that enable them to carry out attacks without having to develop expertise themselves. Combining such tools with attractive financial incentives and a wide collection of ready-made victims, it is easy to see why this is such a lucrative industry for criminals.
Top attack techniques
The cost of a network, website or service being down or unavailable can be probative. The average cost of downtime across all industries has historically been about $5,600 per minute, but recent studies have shown this cost has grown to about $9,000 per minute. For higher risk industries such as finance, government, healthcare, manufacturing, media, retail, and transportation their average cost of downtime tends to be over $5 million per hour.
One of the most popular attack techniques involves the domain name system (DNS). The DNS protocol is essential to every internet-based service and is used to translate alphabetic domain names into a set of numerical internet protocol addresses. DNS is one of the key protocols that makes the internet work.
Why DNS is a favourite attack vector
Today, many organisations provision their own DNS infrastructure to ensure uninterrupted operations of their IT infrastructure and business applications. For example, in many organisations, work computers default to using the organisation’s own DNS servers. This helps internal users access internal websites while keeping such domain names confidential and secure. However, DNS still remains one of the favourite attack vectors for cyber criminals for two main reasons:
As more organisations rely on online applications, DNS exploits have become more common. In a 2023 IDC study, 88% of organisations have experienced one or more DNS attacks on their network, with an average of seven per year and each successful attack costs the business, on average, $942,000.
Delving into DNS attack techniques
There are several different DNS-based attack techniques including: DNS tunneling, DNS phishing, DNS hijacking or credential attacks, DNS spoofing, and DNS malware. DNS attacks are also used as the basis for both DDoS and more advanced phishing attacks.
Many DDoS attacks rely on ways to abuse DNS protocols, including traffic amplification, subdomain attacks, DNS floods and DNS recursion attacks. DNS hijacking, for example, allows attackers to re-route queries from an organisation’s servers to destinations that they control, and it is often used to insert malware into endpoints. With DNS spoofing, malware is injected into DNS caches, or directly via DNS tunneling, so hackers can redirect DNS query traffic. DNS NXDomain flood attacks send spurious queries to nonexistent domain names with requests for invalid or non-existent records, tying up servers.
All of these types of attacks can have short- and long-term implications. In the immediate aftermath of an attack, an organisation may experience downtime or loss of productivity as a result of systems being taken offline. This can lead to revenue loss, reputational damage, and regulatory fines. Long-term impacts include damage to brand reputation, loss of customers, and decreased market share.
The challenge with multiple products to protect DNS
With the emergence of each new threat and the technology to counter it, organisations have traditionally responded by deploying a new security product to remediate the immediate threat at hand. Over time, this has led to the deployment of numerous security devices in the network, resulting in the following challenges:
Securing and simplifying your DNS infrastructure
DNS is a critical component of the internet infrastructure, and it is important that DNS is always up and running to ensure normal business operations. However, DNS is also susceptible to a range of attacks and unfortunately no single security method can prevent all the different types of attacks. Therefore, an all-encompassing approach is required, including DNS load-balancing, DNSSEC, DoH/DoT, and DNS caching to ensure DNS infrastructure is constantly available and performing optimally.
Only with a comprehensive set of DNS security solutions can organisations secure and simplify their DNS infrastructure without compromising on performance or the user experience.
Image Credit: A10 Networks
The startup’s flagship product, CHRONOS-Q, is a quantum controller that acts as a translator between conventional computing systems and quantum computers.
https://ow.ly/MIYf50UxfIc
Huawei recently concluded its 2024-2025 Middle East and Central Asia (ME&CA) ICT Competition Regional Finals in Riyadh, Saudi Arabia, and celebrated the 10th anniversary of the Huawei ICT Academy in the region.
https://ow.ly/SZqc50UxeJo
Estimates suggest that AI could contribute approximately $320 million to the Middle Eastern economies, underscoring the significant potential it holds for this region.
https://ow.ly/aOQZ50UwT3X
GET TAHAWULTECH.COM IN YOUR INBOX
About The Author
More Stories
Anatomy of a Scam
Climate and Environmental Sustainability Within the IETF and IRTF
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation