sb-au logo
Story image

DNS threats expected to explode over the holiday period, report finds

Organisations should prepare for a surge in DNS threats over the holiday period, and consider the best way to respond to attacks.

This is according to a new report from the Neustar International Security Council (NISC) which explores the rise in DNS security threats over the peak retail period.

Key findings from the report

With more people shopping online than ever before amid the COVID-19 pandemic, 78% of cybersecurity professionals said they expect to see an increase in DNS-related security threats over the next month.

To prepare their organisations for this upcoming surge, three in five (59%) have altered their DNS security methods in the run up to the holiday season.

Despite these preparations, however, over a quarter (29%) admitted to having reservations around their ability to respond to DNS attacks, which can be largely attributed to the shifting and complex DNS threat landscape.

Out of the range of DNS threats that exist today, the cybersecurity community ranked domain hijacking (41%) as their top concern and the attack they are most likely to fall victim to, followed by DNS spoofing/cache poisoning (28%), DNS tunneling (16%) and zombie domain attacks (15%).

In fact, three in five respondents confessed to being hit by one of these threats in the past year.

Considering the types of attacks and proactive steps

NISC chairman and Neustar SVP and fellow, Rodney Joffe, says, “Acting as the internet’s address book and backbone of today’s digital services, it’s unsurprising that DNS is an increasingly appealing vector for malicious actors, particularly as more consumers turn to websites during peak online shopping periods.

“When successful, DNS attacks can have damaging repercussions to an organisation’s online presence, brand and reputation.

"A domain hijacking attack, for example, can result in hackers taking control of a company’s domain and using it to host malware or launch phishing campaigns that evade spam filters and other reputational protections.

"In a worst-case scenario, this type of attack can even lead to an organisation losing its domain altogether.”

Joffe says, “While organisations are aware of the severity of DNS attacks, it’s important that they continue to take proactive steps to protect themselves and their customers against the different threats.

“This should involve regular DNS audits and constant monitoring to ensure a thorough understanding of all DNS traffic and activity.

"Crucially, DNS data can also provide organisations with timely, actionable and important threat insights, allowing them to not only protect against DNS-related threats, but also mitigate the vast majority of malware, viruses and suspicious content before critical systems are infiltrated.”

Recent findings from the NISC

Findings from the latest NISC research highlighted a 13.6-point year-on-year increase in the International Cyber Benchmarks Index.

Calculated based on the changing level of threats and impact of cyberattacks, the index has maintained an upward trend since May 2017.

During September and October 2020, DDoS (22%) was ranked as the greatest concern for security professionals, followed by system compromise (19%) and ransomware (17%).

During this period, organisations have focused most on increasing their ability to respond to vendor or customer impersonation (58%), targeted hacking (54%), IP address hacking (52%).

Story image
Fujitsu, Trend Micro team up to secure private 5G
"We believe that this security solution represents a key technology for applying private 5G to mission-critical areas."More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Link image
Virtual demo: Diagnose network cabling problems with the LinkIQ Cable+Network Tester
If you’re finding it difficult to install access points and cabling, or if you can’t pinpoint an issue with a video camera or end user, the LinkIQ Cable+Network Tester could be exactly what you need. Try a free, fully interactive demo now.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Major firms disclose breaches in the wake of SolarWinds attack
Microsoft, Shell, GoDaddy, MobiKwik — these are just some of the high-profile company's on the receiving end of sophisticated attacks, writes Bitglass senior director of marketing Jonathan Andresen.More