Recently, a series of global Domain Name System (DNS) attacks hit servers in North America, the Middle East, North Africa, and Europe. This caused widespread chaos across governmental and business websites, telecommunications platforms, and network infrastructure. The DNS attacks were traced to various cells in Iran, but no culprits have been identified.
Not all cyber escapades are so widespread, but all it takes is a single targeted DNS attack to devastate a business. The first line of defense is to know what you’re up against. The second is to learn and follow current brand protection best practices.
The Anatomy of a DNS Attack
Regardless of what you call it, a DNS attack is an attack on your domain name server that causes a large volume of unexpected activity. This places extraordinary demands on system resources that cause servers to crash or stop responding. There is no one kind of DNS attack, although some are more prevalent than others.
The breakdown of common attack types goes like this:
- 76% are distributed denial of service (DDoS) attacks – Also known as amplification attacks. They use several computers to issue a flood of requests to a server, causing it to overload and stop responding. DDoS attacks involve one attacking system and one server.
- 33% involve cache poisoning – Involves replacing legitimate cache information with faked or spoofed data to redirect users.
- 29% are DNS exploits – Attackers search for DNS vulnerabilities to find a weak point to penetrate the system.
- 29% involve UDP flooding – A form of DDoS DNS attack, these attacks overwhelm a targeted system until it can no longer respond.
- 24% are the result of DNS tunneling – Hackers embed malicious code or programs in the DNS queries in an effort to commandeer the session and/or redirect traffic.
The Cost of DNS Attacks
Unfortunately, too many website owners are overly concerned with the cost of advanced security measures and not concerned enough about the cost to their business and reputation until it’s too late.
According to research published in ScienceDirect, which was based on the 2018 Global DNS Threat Report put out by EfficientIP, 77% of organizations surveyed reported DNS-related attacks during the previous year.
On average, one hour of downtime due to a domain name server
33% of business owners don’t have the on-site IT capabilities in place to combat or recover from an attack. Many companies go out of business within six months of a server assault.
The Best Offense is Solid Defense
Even if your website doesn’t suffer a direct hit, information can still be accessed. There is no way to prevent DNS attacks entirely, but measures can be put in place to reduce their destructive power. You can either scale up your capabilities or harden your network on a deeper level to mitigate the risk of attack.
Here are some practices that will improve your defense mechanisms.
- Audit DNS zones – Many admins concentrate on the main server and forget about other hosting and DNS zones. However, attention should also be paid to test domain names, subdomains, and unrestricted areas that may run outdated or unprotected software.
- Validate record changes – Related to point number one, you should validate any changes you find in A, NS, CNAME, and MX records that you notice during your audits. You can find examples of this in our basic tech talk webinar.
- Monitor and validate logs – In addition to auditing main DNS and subdomains, log monitoring is essential. It’s tedious, but not monitoring and validating the source IPs in OWA/Exchange logs could mean overlooking a problem until it leads to a DNS attack.
- Use multi-factor authentication – Single passwords are no longer enough to restrict access, even if they’re hard to crack. Implement two-factor authentication on your domain’s administration portal as well as other potentially vulnerable access points that hackers probe for entry. This tactic also should reduce the incidence of employees falling for social engineering attacks like phishing and domain spoofing.
- Use encryption – Hardening access is one thing, but all of your data and information should also be encrypted to protect it from prying eyes. Install and use a strong VPN service to shield your domain name, activity, and other information from hackers and spies. A company policy mandating no one connects to the internet without a VPN turned on is a smart move. You should also search for SSL certificates that are related to your domain and revoke any malicious certificates.
- Keep software updated – Security and updates are often left up to the web hosting service and individual users, but the responsibility is not theirs alone. Website owners and administrators are responsible for making sure that their hosting service keeps on top of the latest updates and security patches. In addition, you should maintain the most current anti-malware and anti-virus protections yourself. Used in conjunction with the other best practices outlined, this gives you multiple layers of protection.
- Probe for vulnerabilities – Hackers spend a great deal of their time probing domains and servers for easy access points. Combat these advances with regular internal investigations. Performing these tests will expose points of weakness and harden them before someone else exploits them. This will also allow you to determine if a DNS attack has already happened. It takes an average of six months before the average website admin notices infiltration, and a lot of damage can be done during that time.
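The zone audit and record-change validation steps in the list above can be automated by diffing a known-good snapshot of A, NS, CNAME, and MX records against the current one. The following is an added example, not part of the original article; the zone data, the `APPROVED` allowlist, and the function names are constructed for illustration.

```python
# Added example; all zone data is constructed (example.com, documentation IP ranges).
from collections import defaultdict

WATCHED = {"A", "NS", "CNAME", "MX"}  # record types the article says to validate

BASELINE = """\
example.com.       3600 IN NS    ns1.example.com.
example.com.       3600 IN NS    ns2.example.com.
example.com.       3600 IN MX    10 mail.example.com.
www.example.com.   300  IN A     192.0.2.10
mail.example.com.  300  IN A     192.0.2.25
shop.example.com.  300  IN CNAME www.example.com.
"""
CURRENT = """\
example.com.       3600 IN NS    ns1.example.com.
example.com.       3600 IN NS    ns9.unknown-host.example.
example.com.       3600 IN MX    10 mail.example.com.
www.example.com.   300  IN A     192.0.2.10
mail.example.com.  300  IN A     203.0.113.77
shop.example.com.  300  IN CNAME www.example.com.
test.example.com.  300  IN A     198.51.100.5
"""
# Hypothetical allowlist of changes that went through change management.
APPROVED = {("test.example.com.", "A", "198.51.100.5")}

def parse(snapshot):
    """Map (name, type) -> set of rdata values for the watched record types."""
    records = defaultdict(set)
    for line in snapshot.splitlines():
        fields = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(fields) < 5 or fields[0].startswith(";"):
            continue  # skip blank lines, comments and malformed rows
        name, _ttl, _cls, rtype, rdata = fields
        if rtype.upper() in WATCHED:
            records[(name.lower(), rtype.upper())].add(rdata.strip().lower())
    return records

def drift(baseline, current, approved=frozenset()):
    """Return sorted (action, name, type, rdata) tuples that were not approved."""
    old, new = parse(baseline), parse(current)
    findings = []
    for key in set(old) | set(new):
        added = new.get(key, set()) - old.get(key, set())
        removed = old.get(key, set()) - new.get(key, set())
        findings += [("added", *key, r) for r in added if (*key, r) not in approved]
        findings += [("removed", *key, r) for r in removed if (*key, r) not in approved]
    return sorted(findings)

if __name__ == "__main__":
    print(*drift(BASELINE, CURRENT, APPROVED), sep="\n")
```

Here the swapped NS record and the repointed mail host are reported, while the approved `test` subdomain is not. TTL changes are ignored by this sketch.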
The scale at which bad actors around the globe are exploiting vulnerabilities in DNS highlights the evolution of hacker tactics, techniques, procedures, and the damage they cause.
DNS attacks are difficult to defend against, which is why you need a corporate brand services partner with the tools and experience to protect your digital assets. It takes diligence to understand where the threats are most likely to hit. Once you have this insight you can put the appropriate defensive measures in place to reduce risk and exposure to DNS attacks.
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.