78% of Cybersecurity Professionals Expect an Increase in DNS Threats, Yet Have Reservations

A recent survey conducted by the Neustar International Security Council confirmed the heightened interest in domain name system (DNS) security. The survey reveals that over three-quarters of cybersecurity professionals anticipate an increase in DNS attacks, especially with more people shopping online amid the pandemic. Yet close to 30% have reservations about their ability to respond to these attacks.

Their top concerns are:

  • Domain hijacking (41%)
  • DNS spoofing and cache poisoning (28%)
  • DNS attacks (60% of respondents having been hit by at least one in the past year)

CSC’s research on top global eCommerce and shopping domains reflects similar findings. We found that over 70% of typo domains are owned by third parties, and at least 40% of those show characteristics of malicious intent.

The critical importance of domain names in cybersecurity is demonstrated by recent cyber attacks. In the Liquid cryptocurrency exchange platform incident, hackers were able to gain access to internal systems and databases by compromising the domain name used. In a separate incident involving an IT solutions provider, SolarWinds, a key domain name, avsvmcloud[.]com, was used in a nefarious global campaign to distribute malware, impacting public and private organizations around the world. In this case, the attack was mitigated by Microsoft® when they seized the domain name avsvmcloud[.]com as a kill switch. These cases highlight how domains and DNS can both be used for cybersecurity and exploited by bad actors for cyber attacks.

Security controls can be put in place to reduce threats to domains and DNS; without them, attacks can impact a company’s brand reputation and revenue. We recommend taking a defense-in-depth approach, including:

Use an enterprise-class provider

Organizations should validate that their domain name registrar is Internet Corporation for Assigned Names and Numbers (ICANN) and registry accredited, and that it can demonstrate its investment in systems and security; this should include staff training on cybersecurity as well as a variety of controls, processes, and security measures that ensure a defense-in-depth approach.

Secure domain name and DNS portal access

Organizations should seek to consolidate domains and DNS with one provider. The provider should offer two-factor authentication, IP validation, and federated identity for a single sign-on environment.

Control user permissions

Organizations should routinely review permissions for staff with access to domains and their DNS portal. A secure provider should be able to alert companies to changes in permissions and implement their authorized contact policy. Only trusted individuals should have access to elevated permissions.

Leverage advanced domain security features, such as:

  • DNS security extension (DNSSEC). This encrypts queries to the internet service providers and acts as a visual deterrent for cyber criminals. Moreover, DNSSEC digitally signs the root zone, which means the user can be confident of reaching a legitimate website.
  • Registry locks. This stops automated changes of DNS records, preventing execution of unauthorized requests.
  • Digital certificate policy. With certification authority authorization (CAA) records, only authorized certification authorities are allowed to issue a certificate on your domains.
  • Domain-based message authentication, reporting, and conformance (DMARC). This gives organizations protection against unauthorized use of their domains, commonly known as email spoofing.
  • Proactive, continuous monitoring and alerting. This ensures the domain name registrar or DNS hosting provider has continuous monitoring and alerts in place. An example of a robust monitoring and alerting system is CSC Security Center℠.
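
As an added example (not from the original post or from CSC), the sketch below audits one domain's data for the controls listed above: a DS record for DNSSEC, the registry-set EPP lock statuses, CAA issuer records, and the DMARC policy. The record schema, function names, and all record values are constructed assumptions; a real check would populate them from DNS and RDAP/WHOIS lookups.

```python
# Added example: audit a domain's record set for the controls in the list above.
# The dict schema and every sample value are constructed for illustration.

# EPP status codes a registry applies when a registry lock is in place.
REGISTRY_LOCK = {"serverDeleteProhibited", "serverTransferProhibited",
                 "serverUpdateProhibited"}

def parse_dmarc(txt):
    """Parse a TXT string into DMARC tags; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def audit(domain):
    """Return a list of findings for one domain's records (hypothetical schema)."""
    findings = []
    if not domain.get("ds"):
        findings.append("dnssec: no DS record at the parent, zone is unsigned")
    missing = REGISTRY_LOCK - set(domain.get("epp_status", []))
    if missing:
        findings.append("registry-lock: missing " + ", ".join(sorted(missing)))
    issuers = [value for _flag, tag, value in domain.get("caa", [])
               if tag in ("issue", "issuewild")]
    if not issuers:
        findings.append("caa: no issue/issuewild record, any CA may issue")
    dmarc = next((d for d in map(parse_dmarc, domain.get("dmarc_txt", [])) if d), None)
    if dmarc is None:
        findings.append("dmarc: no valid record at _dmarc")
    elif dmarc.get("p", "").lower() == "none":
        findings.append("dmarc: p=none only reports, spoofed mail is still delivered")
    return findings

# Constructed sample: registrar-level lock only, unsigned, no CAA, monitoring-only DMARC.
WEAK = {"epp_status": ["clientTransferProhibited"], "ds": [], "caa": [],
        "dmarc_txt": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]}

# Constructed sample with every control from the list in place.
HARDENED = {
    "epp_status": ["clientTransferProhibited", *sorted(REGISTRY_LOCK)],
    "ds": ["12345 13 2 <digest-placeholder>"],
    "caa": [(0, "issue", "ca.example.net"), (0, "iodef", "mailto:sec@example.com")],
    "dmarc_txt": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
}

if __name__ == "__main__":
    for name, records in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(records) or "no findings")
```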

By Alban Kwan, East Asia Regional Director at CSC
