2021 Global DNS Threat Report reveals the extent and impacts of DNS attacks

Published: Tuesday, 07 September 2021 07:53

During the COVID-19 pandemic, the financial sector has suffered the highest costs per DNS attack, compared to other industries. This was revealed in the 2021 Global DNS Threat Report, a study recently published by EfficientIP and the International Data Corporation (IDC).

Damages in the financial services industry cost nearly $1.1 million per attack – whereas the average cost across all sectors for organizations surveyed is $950.000. While the average cost in the sector slightly declined compared to last year, organizations in the finance sector continue to be an attractive target for DNS attacks due to the high volume of sensitive customer and financial data.

The report found that 91 percent of financial institutions suffered from at least one DNS attack. Companies affected fell victim to an average of 8.3 attacks within the last 12 months, which is above the global average of 7.6. attacks. Surveyed institutions also reported it took 6.12 hours to mitigate each attack on average, which is higher than the all-industry average of 5.62 hours. Attacks on financial institutions not only hurt the companies that are being targeted by threat actors but have a wider implication for economies and can therefore have a widespread negative impact.

The financial industry is the sector most likely to experience phishing attacks (55 percent of financial institutions) and DNS-based Malware (42 percent). Other notable DNS attack types reported were distributed denial-of-service (DDoS) attacks (35 percent), DNS tunnelling (30 percent), domain hijacking (30 percent) as well as Zero Day Vulnerabilities (26 percent).

Apart from high damage costs, the most common ramifications surveyed organizations reported were cloud service downtime (52 percent) and application downtime (52 percent), which can cause severe financial losses as they impede time-sensitive transactions in the more and more digitized finance ecosystem. Further, companies reported brand damage (23 percent), compromised websites (43 percent) and stolen customer information (24 percent) such as bank account details or credit card information. These effects can seriously undermine the trust in affected organizations by end users. Exfiltration of data via DNS is very common, and nearly always goes unnoticed by firewalls as they are incapable of performing the necessary context-aware analysis of traffic. 

According to the report, 78 percent of surveyed financial services institutions have turned to Zero Trust initiatives and are either planning, implementing or adopting them. 79% believe DNS domain deny-and-allow lists are highly valuable for Zero Trust, as they help control which users can access which apps. Furthermore, 55 percent of financial institutions have recognized the importance of DNS security for protecting remote workforces, a factor that has become especially prominent over the course of the pandemic. It is also the industry most likely to consider implementing private DoH (DNS over HTTPS), with 56 percent of surveyed institutions affirming this (compared to 51 percent across sectors). A private DoH solution ensures all DNS traffic from users and devices uses the organization’s infrastructure, thus allowing for better security, filtering and observability. Like many other industries the financial sector believes in the critical role DNS security plays for its protection against attacks (77 percent of surveyed institutions agreed with this statement). This underlines the pivotal role DNS security plays and underlines it as one of the key investment areas within the financial sector to ensure secure and reliable operations.  

More details.