Sunday, May 26, 2024

Why DNS Exploits Remain a Top Attack Vector in 2024


Terry Young
Terry Young is the Director of Service Provider Product Marketing at A10 Networks. He is an experienced marketing leader adept at initiating and energizing new marketing initiatives, enhancing industry visibility, and driving sales success. Skilled in crafting value-based messages from technical features and deploying them across diverse marketing channels. Specializes in cybersecurity for mobile and telecom, startup and service provider sectors, and launching innovative solutions into new markets.

Cybercrime is booming, and DNS attacks are a top target. This article explores the rising cost of downtime and various DNS attack techniques. Learn why a multi-layered approach is crucial for securing your DNS infrastructure.

The world of IT security has become more sophisticated and complex; as threats have grown exponentially, they have become more blended, obscure, and harder to remediate. Today, most organizations have experienced some attack, with many experiencing multiple attacks, and it is no longer a matter of if but when an attack will take place. 

The growth of cybercrime-as-a-service, especially DDoS-as-a-service, has enabled criminals to purchase or rent tools and services that enable them to carry out attacks without developing expertise. Combining such tools with attractive financial incentives and a wide collection of ready-made victims, it is easy to see why this is such a lucrative industry for criminals.

Top attack techniques

The cost of a network, website, or service being down or unavailable can be prohibitive. The average cost of downtime across all industries has historically been about $5,600 per minute, but recent studies have shown this cost has grown to about $9,000 per minute. Higher-risk industries such as finance, government, healthcare, manufacturing, media, retail, and transportation have an average downtime cost of over $5 million per hour.

One of the most popular attack techniques involves the domain name system (DNS). The DNS protocol is essential to every internet-based service and translates alphabetic domain names into a set of numerical internet protocol addresses. DNS is one of the key protocols that make the internet work.

Why DNS is a favorite attack vector 

Today, many organizations provision their own DNS infrastructure to ensure uninterrupted operations of their IT infrastructure and business applications. For example, in many organizations, work computers default to using the organization’s own DNS servers. This helps internal users access websites while keeping such domain names confidential and secure. However, DNS remains one of the favorite attack vectors for cybercriminals for two main reasons:

  • It is an inherently insecure protocol and easier to target.
  • DNS is fundamental to the operations of the internet and applications, and therefore, bringing it down can have a much greater impact than simply targeting individual applications or services.

DNS exploits have become more common as more organizations rely on online applications. In a 2023 IDC study, 88% of organizations had experienced one or more DNS attacks on their network, with an average of seven per year. Each successful attack costs the business, on average, $942,000.

Delving into DNS attack techniques 

Several DNS-based attack techniques include DNS tunneling, DNS phishing, DNS hijacking or credential attacks, DNS spoofing, and DNS malware. DNS attacks are also used as the basis for DDoS and more advanced phishing attacks.

Many DDoS attacks rely on ways to abuse DNS protocols, including traffic amplification, subdomain attacks, DNS floods, and DNS recursion attacks. DNS hijacking, for example, allows attackers to re-route queries from an organization’s servers to destinations they control, and is often used to insert malware into endpoints. With DNS spoofing, malware is injected into DNS caches or directly via DNS tunneling so that attackers can redirect DNS query traffic. DNS NXDOMAIN flood attacks send spurious queries for nonexistent domain names, requesting invalid or non-existent records and tying up servers.
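The NXDOMAIN flood and random-subdomain attacks described above leave a recognizable footprint in resolver query logs: one client producing a very high NXDOMAIN ratio, or a burst of never-before-seen labels under a single zone. The following Python script is an added illustration of that detection logic and is not code from the article or from A10 Networks. It assumes a constructed, simplified log format (timestamp, client, query name, query type, response code) and uses a crude "last two labels" notion of zone; a production detector would use the public suffix list and a sliding time window.

```python
"""Flag clients whose query pattern looks like an NXDOMAIN or random-subdomain flood.

Added example. The log format is a constructed simplification
(timestamp client qname qtype rcode), not any specific resolver's format.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log: one ordinary client (192.0.2.10) and one client
# (198.51.100.7) hammering the resolver with random labels under example.com.
SAMPLE_LOG = "\n".join(
    [
        "2024-05-26T10:00:00 192.0.2.10 www.example.com A NOERROR",
        "2024-05-26T10:00:01 192.0.2.10 mail.example.com MX NOERROR",
        "2024-05-26T10:00:02 192.0.2.10 typo.example.com A NXDOMAIN",
        "2024-05-26T10:00:03 192.0.2.10 www.example.org A NOERROR",
    ]
    + [f"2024-05-26T10:00:{i % 10:02d} 198.51.100.7 rnd{i:05d}.example.com A NXDOMAIN"
       for i in range(25)]
)


@dataclass
class ClientStats:
    total: int = 0
    nxdomain: int = 0
    # zone -> set of distinct query names seen under that zone
    names_per_zone: dict = field(default_factory=lambda: defaultdict(set))


def parse_log(text):
    """Parse the constructed log format into a list of dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, qtype, rcode = parts
        records.append({
            "ts": ts,
            "client": client,
            "qname": qname.lower().rstrip("."),
            "qtype": qtype.upper(),
            "rcode": rcode.upper(),
        })
    return records


def registrable_zone(qname, depth=2):
    """Crude zone extraction: the last `depth` labels (e.g. example.com).
    Assumption for the example; real deployments should use the public suffix list."""
    labels = qname.split(".")
    return ".".join(labels[-depth:]) if len(labels) >= depth else qname


def aggregate(records):
    """Per-client counters: total queries, NXDOMAIN answers, distinct names per zone."""
    stats = defaultdict(ClientStats)
    for r in records:
        s = stats[r["client"]]
        s.total += 1
        if r["rcode"] == "NXDOMAIN":
            s.nxdomain += 1
        zone = registrable_zone(r["qname"])
        if r["qname"] != zone:
            s.names_per_zone[zone].add(r["qname"])
    return stats


def detect_nxdomain_flood(stats, min_queries=20, nx_ratio=0.8):
    """Clients with enough volume whose NXDOMAIN share exceeds nx_ratio."""
    alerts = {}
    for client, s in stats.items():
        if s.total >= min_queries and s.nxdomain / s.total >= nx_ratio:
            alerts[client] = {
                "total": s.total,
                "nxdomain": s.nxdomain,
                "ratio": round(s.nxdomain / s.total, 2),
            }
    return alerts


def detect_random_subdomains(stats, min_unique=20):
    """Clients that queried an unusually large number of distinct names under one zone."""
    alerts = {}
    for client, s in stats.items():
        for zone, names in s.names_per_zone.items():
            if len(names) >= min_unique:
                alerts.setdefault(client, {})[zone] = len(names)
    return alerts


if __name__ == "__main__":
    stats = aggregate(parse_log(SAMPLE_LOG))
    print("NXDOMAIN flood suspects:", detect_nxdomain_flood(stats))
    print("Random-subdomain suspects:", detect_random_subdomains(stats))
```

The thresholds (`min_queries`, `nx_ratio`, `min_unique`) are deliberately conservative so that a single typo from a normal client never trips an alert; tune them against a baseline of your own resolver's traffic, and treat a hit as a signal to rate-limit or investigate the source rather than as proof of an attack, since spoofed source addresses are common in these floods.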

All of these types of attacks can have short- and long-term implications. In the immediate aftermath of an attack, an organization may experience downtime or loss of productivity due to systems being taken offline. This can lead to revenue loss, reputational damage, and regulatory fines. Long-term impacts include damage to brand reputation, loss of customers, and decreased market share. 

The challenge with multiple products to protect DNS 

With the emergence of each new threat and the technology to counter it, organizations have traditionally responded by deploying a new security product to remediate the immediate threat at hand. Over time, this has led to the deployment of numerous security devices in the network, resulting in the following challenges:

  • Increased complexity: With many security devices in the network, deploying, managing, and troubleshooting has become increasingly complex. Each device has its own management interface and configuration commands, requiring specialized knowledge to deploy and troubleshoot.
  • Increased cost: Upgrading DNS infrastructure to meet growing traffic needs requires upgrading most, if not all, devices. Multiple products are purchased, resulting in high purchase and licensing costs.
  • Slow performance: Some newer DNS technologies, such as DNS over HTTPS (DoH) and DNS over TLS (DoT), require TLS decryption/encryption processing, which is highly CPU-intensive. However, DNS servers were not originally designed for such processing; therefore, adding DoH/DoT can lead to a severe slowdown in overall performance.
  • Unsuitable for hybrid cloud: All these problems are further compounded by the growing adoption of hybrid cloud. This is because many of the legacy security products deployed in private data centers may either be unavailable or not be optimally suited for such a deployment. This leads to the adoption of cloud-specific offerings, adding to the complexity and cost of deployment.

Securing and simplifying your DNS infrastructure 

DNS is a critical component of the internet infrastructure, and it is important that DNS is always up and running to ensure normal business operations. However, DNS is also susceptible to a range of attacks and, unfortunately, no single security method can prevent all the different types of attacks. Therefore, an all-encompassing approach is required, including DNS load-balancing, DNSSEC, DoH/DoT, and DNS caching, to ensure DNS infrastructure is constantly available and performing optimally.

Only with a comprehensive DNS security solution can organizations secure and simplify their DNS infrastructure without compromising performance or the user experience.
