Site icon Panda Security Mediacenter

Carlos Arnal: “The economic impact of a DNS attack is too great to ignore the vulnerabilities that would enable it”

DNS- attacks

One of the main problems with DNS attacks is the increasing cost of the damage they cause, as well as their rapid evolution and the diverse range of attack types. Data exfiltration over DNS is a major concern in corporate environments. In order to protect themselves, organizations are prioritizing the security of network endpoints and improving DNS traffic monitoring.  We discussed this with Carlos Arnal, Product Marketing Manager – Endpoint Security at Panda.

Because it is a profitable type of attack for cybercriminals when it comes to achieving their aims, which range from financial profit to obtaining the main asset that companies today hold: data.  To achieve this goal, some attacks aim to bring down certain platforms, such as a web page, saturating the resources of the system that hosts the service, and sending an avalanche of requests that cannot be processed. Other attacks try to modify IP addresses, replacing the IP of the legitimate server with a fake IP address, and thereby causing the user to connect to an illegitimate server so the attackers end up with the data, especially passwords and account details.

It should be noted, however, that these attacks are not only perpetrated by organized cybercrime gangs for financial gain; they are also carried out by attackers as a means of protest and web activism against government decisions or corporate activity. As we’ve seen in the past, this type of attack has caused temporary outages even for companies the size of Twitter, Tumblr, Spotify, The New York Times, or CNN. Finally, it is worth underlining that these attacks not only affect home-user systems, but also many digitalized services that are essential in our day-to-day business lives, often causing them to fail at critical times.

In the same way that the number of fraudulent domains, phishing emails, and other cybercrime tactics using COVID-19 as bait have increased, so have DNS attacks. And not just in number, but also in the amount of bandwidth and resources consumed, as well as their increased complexity. Although Internet providers and cloud-based endpoint security solutions have strived to deal with the increased traffic, given the sudden changes in system management and the need to reinforce endpoint protection outside the typical security perimeter -due to the increase in telecommuting-  we have also had to combat DNS attackers , who have been all the more active during lockdowns, as recent studies indicate.

There are a wide range of DNS attack types against which companies should be taking preventive measures, each with its own peculiarities and equally concerning for businesses. Firstly, there are DDoS (Distributed Denial of Service) attacks on DNS servers .This consists of using a large number of devices to attack the target. DDoS attacks are often carried out by bots: infected systems whose owners are frequently unaware that their devices form part of a malicious network. It differs from DoS attacks in that, with DDoS attacks, each request comes from a specific IP, so it is a far more difficult type of attack to detect.

The second form of these attacks that most concerns companies is DNS data exfiltration. In this case, cybercriminals take advantage of the DNS to extract information using the DNS protocol, creating a tunnel to transfer information or even take control of computers. Firewalls and other traditional security solutions, while still useful, are insufficient in combating this threat, as they do not have the ability to detect, block, or remedy such attacks.

Another variant of these attacks to cause IT professionals most headaches is the zero-day attack. Here, attackers exploit a security hole in the DNS protocol or server software on the same day that vulnerability is discovered and before it has been patched. By sending a pre-formulated query to the server, attackers can block the system and cause serious problems for the targeted company.

The most effective way of avoiding these threats and protecting corporate networks and systems from their consequences is to implement  advanced cybersecurity solutions such as Panda Adaptive Defense which provide centralized protection for all endpoints and servers, with automated EDR prevention, detection, and remediation.

The economic impact of a DNS attack is too great to ignore the potential vulnerabilities that would enable it, so awareness against this type of attack and about the importance of cybersecurity in general is increasing among companies. Over the last year, organizations have suffered 34 percent more attacks, meaning an average cost of 950,000 euros (US$1.07 million) for one in five companies – according to IDC – causing application outages in 63 percent of cases. An insecure DNS system is in itself an open invitation for attackers to access a company’s information and reduce online service time. For this reason, it is vital for companies to invest as many resources as possible in implementing appropriate cybersecurity measures and solutions, particularly bearing in mind how widespread these attacks have become.

 

Exit mobile version