The Domain Name System (DNS) plays an essential role in resolving IP addresses and hostnames. For organizations, it ensures that users reach the proper sites, servers, and applications. While it’s a fundamental base for a functioning Web, the problem is that this system can easily be abused.

Attackers often prey on the DNS’s weaknesses to point would-be site visitors to specially crafted malicious pages instead of the ones they wish to land on. For that reason, companies need to adopt specific countermeasures if they wish to ensure the safety of their site frequenters.

While larger enterprises have begun protecting their DNS infrastructure by gathering relevant threat intelligence, enforcing security policies, and automating redundant tasks, and so on, smaller ones have yet to follow.

To look closer at these points, this post tackles the growth of DNS-based attacks over time and how organizations can protect relevant stakeholders against them with actionable recommendations.

DNS-Based Attacks: Volume Increases Annually

What are we really up against? A 2019 DNS threat report shows an increase in the number of DNS attacks as well as the damage they caused in the past year. Here are a few of the relevant statistics presented:

• More than 80% of the organizations surveyed said they suffered from a DNS attack.
• The costs incurred due to these breaches rose by 49%; with an average cost per attack above US$1M.
• The most targeted sector was financial services; the media and telecommunications sector, meanwhile, was most affected by brand damage; government agencies, on the other hand, suffered most from the theft of sensitive data.

Organizations victims of DNS-based attacks often only take a reactive stand to incidents. As part of this, companies may need to shut down affected processes and applications.

Of course, slowing down or even stopping operations isn’t a solution. Instead, the surveyed organizations cited the following approaches to deal with DNS-based threats:

• 64% use DNS analytics solutions to identify compromised devices.
• 35% work with both internal threat intelligence and internal analytics on DNS traffic.
• 53% consider machine learning (ML) useful to pinpoint malicious domains.

Counteracting DNS-Based Attacks

A proactive approach to DNS security is a must-have. Ideally, operations need to implement zero-trust initiatives—monitor internal and external traffic, label all activity that is untrustworthy by default in real-time, etc. Additionally, some helpful immediate actions organizations can take to prevent DNS attacks include:

• Gather and analyze internal threat intelligence: The primary goal of this task is to safeguard an organization’s data and services. Apps and platforms designed to perform real-time DNS analysis can help detect and prevent a wide variety of attack attempts. Reverse MX and reverse NS APIs can be integrated into these systems to uncover domains that are associated with certain threat actors or groups.
• Configure their DNS infrastructure to adhere to security requirements: Companies can combine DNS security with IP address management (IPAM) to automate security policy management. Apart from that, both systems can ensure that all policies are regularly updated, follow a uniform format, and are easy to audit.
• Enable DNS traffic visibility across the entire network to accelerate security operations center (SOC) remediation: Using third-party data feeds and APIs as additional threat intelligence sources allow for real-time behavioral threat detection that bolsters the capabilities of security information and event management (SIEM) software and unified threat management (UTM) appliances.

* * *

The increase in DNS attack volume and sophistication has shed more light on the importance of fortifying organizations’ DNS infrastructure. Without securing the DNS system, which we have written extensively in this primer, no amount of security solution or policy implementation can effectively defend networks against related threats.