Domain Name System (DNS) attacks are on the rise globally amid the Covid-19 pandemic, according to the 2021 Global DNS Threat report by security firm EfficientIP.

The report is based on annual research, which was conducted in collaboration with the leading market intelligence firm International Data Corporation (IDC).

In Asia, India was the most impacted country in terms of DNS attacks. Globally, 87 per cent of organisations experienced DNS attacks, with the average cost of each attack around $950,000. As per the report, organisations across all industries suffered an average of 7.6 attacks this past year.

Asia recorded an increase of 15 per cent in such attacks, incurring a cost of $908,140 over the past year, up from $792,840 the previous year. In Asia, India recorded the highest number of DNS attacks of more than 10. Countries which saw a significant increase in damages included Malaysia which increased by 78 per cent, the sharpest increase as well as India, Spain, and France saw an increase of 32, 36 and 25 per cent, respectively.

Attackers had targeted the cloud in the past year, profiting from the reliance on off-premise working and cloud infrastructures. Around a quarter of companies suffered a DNS attack abusing cloud misconfiguration, with almost half of them (47 per cent) suffering cloud service downtime as a result of DNS attacks, the report said.

There has been a sharp rise in data theft from such attacks with 26 per cent of organisations reporting sensitive customer information stolen compared to 16 per cent in 2020’s Threat Report.

“Evidence shows attackers are targeting more organisations and diversifying their toolkit - sometimes drastically. Threat actors relied on domain hijacking, where the user is connected not to the desired service but to a fake one, more than twice as often as last year,” the report said.

Other attacks

Apart from this, phishing and DDoS (Distributed Denial-of-Service) attacks are also on a rise with 49 per cent of companies experienced phishing attempts. Malware-based attacks grew 38 per cent and traditional DDoS attacks grew 29 per cent.

Although the cost and variety of attacks remain high, there is a growing awareness of DNS security and how to combat these attacks.

Around 76 per cent of respondents in deemed DNS security a critical component of their network architecture. Additionally, the report found Zero Trust is evolving as a tool to protect networks in the remote era. About 75 per cent of companies are planning, implementing or running Zero Trust initiatives and 43 per cent of companies believe DNS domain deny and allow lists are highly valuable for Zero Trust for improving control over access to apps.

The DNS Threat Report also listed solutions considered most effective by organisations for preventing theft includes: securing network endpoints (31 per cent) and better monitoring threat and analysis of DNS traffic (26 per cent).

“While it is positive that companies want to use DNS to protect their increasingly remote workforces, organisations are continuing to suffer the costly impacts of DNS attacks,” says Romain Fouchereau, Research Manager European Security at IDC.

“As threat actors seek to diversify their toolkits, businesses must continue to be aware of the variety of threats posed, ensuring DNS security is a key priority to preventing these,” said Fouchereau.

“This past year of the pandemic has shown us that DNS must play a role in an effective security system,” says Ronan David, VP of Strategy for EfficientIP.

“As workers look to more permanently transition to off-premise sites, making use of cloud, IoT, edge and 5G, companies and telecom providers should look to DNS for a proactive security strategy. This will ensure the prevention of network or application downtime as well as protecting organisations from confidential data theft and financial losses,” said David.