The Rapid Rise In DNS Attacks Demands New Approaches To Cyber Defense

Uploaded on 2023-10-02 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

A staggering 66% of organisations worldwide fell victim to ransomware attacks between March 2022 and March 2023. Many of those incidents involved a DNS (domain name system) attack. Every DNS has weaknesses, and there are several ways that attackers can exploit them.

One popular method is a “DNS flood,” a distributed denial-of-service attack that overwhelms a targeted DNS server. A DNS attack of any kind can do severe damage. It can disrupt online services and create opportunities for attackers to exploit the resulting chaos for further malicious activities, including the insertion of ransomware to encrypt critical data before a ransom demand for the decryption keys.

Misconfigurations in DNS infrastructure can also serve as entry points for ransomware attacks. Cybercriminals exploit these weaknesses to gain unauthorised access to an organisation’s network. Once inside, they can distribute ransomware payloads.

But wait, there’s more. Bad actors can exploit DNS vulnerabilities to execute DNS hijacking attacks. For instance, hackers can take advantage of the DNS system to steer their victims away from the websites they frequent and lead them to imposter sites that appear legitimate. These fake sites can trick victims into entering their login credentials or downloading malicious files. Providing these details can help attackers move laterally within the network or deliver a ransomware payload.

Stepping Up To Zero

As ransomware grows more sophisticated - and DNS attacks become more frequent - organisations are trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems. One such approach is “zero trust” security. Zero trust isn’t a single product or technology. It’s a fusion of policies, best practices, and available products.

Zero trust aims to create an environment that offers comprehensive protection against potential threats.

A zero-trust approach enhances the integrity and security of backup systems by fundamentally changing how organisations think about network security. In a traditional security model, once a user or system gains access to a network, they often have broad access privileges, including backup systems. However, with zero trust, a company never assumes trust and enforces security at every level, including backup systems. Thus, the name.

Zero trust follows the principle of least privilege, meaning that the company grants users or systems only the minimum access required to perform their specific tasks. In the context of backup systems, this ensures that only authorised personnel and processes have access to backup data, which reduces the risk of unauthorised access and data breaches.

Zero trust relies on continuous authentication and monitoring. Users and systems are authenticated at the initial login and throughout their session. This approach ensures access remains appropriate, and a company can revoke access when any suspicious activity is detected, preventing unauthorised access. Moreover, a company can promptly identify any unusual behaviour or access patterns and take action to investigate and mitigate potential threats. This real-time monitoring helps safeguard the integrity of all systems—including backup systems.

Focusing On Recovery

The primary goal of any backup strategy should be the ability to recover data effectively when needed. In other words, the focus should not solely be on making backups but on ensuring that a company can restore them to their original state. Often, customers secure their environment, create multiple copies of their data, and store it in various locations, including the cloud. Sounds like a robust backup plan, right? But the real test is in the restoration process.

When data is lost or compromised, the speed and efficiency of data recovery are vital. By prioritising recovery, you minimise downtime—which these days is essential. Data recovery becomes a critical defence mechanism as ransomware and DNS attacks increase. If a company can recover data quickly and effectively, it reduces the leverage that cybercriminals have to demand a ransom.

Does an emphasis on recovery work? The news suggests that it does. Recent reports show that most organisations now recover from backups rather than pay ransom. While this approach doesn’t guarantee 100% data recovery, it is often more cost-effective and helps maintain data integrity. Remember that it depends on a solid backup and recovery strategy.

To recover 100% of your data, you must ensure that your backup procedures are robust, regularly tested, and aligned with evolving data and environment changes.

Customers sometimes struggle with data recovery not because of the backup itself but due to outdated policies that miss essential data or fail to back up correctly. It’s crucial to stay on top of the basics in data protection, especially in the context of evolving threats like ransomware and DNS attacks.

Final Thoughts

I want to finish with a few words on cooperation. Many companies nowadays desperately try to stay one step ahead of the bad guys. But they can’t do it alone. We can’t do it alone. It’s time to consider what companies can accomplish when collaborating and sharing resources. Ironically, it’s the malicious actors who often share their tactics and strategies on the dark web. The good guys need to start banding together, too.

It’s not easy. If your organisation falls victim to an attack, you don’t start posting about it online. You’re reticent to give out details. That’s normal. But if all organisations share more information about attacks, we can help each other and immensely improve global protection against cybercrime.

Mark Johnson is Senior Director of Global Alliances at Arcserve                    Image: metamorworks

You Might Also Read:

Why DNS Protection Should Be A Crucial Part In Building Cyber Defense:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« The US Security Standard For IoT Devices
Airline Customer Data Left Exposed For Months »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

The Hacker News (THN)

The Hacker News (THN)

THN is a leading source for Information Security, Hacking News, Cyber Security, Network Security with in-depth technical coverage of issues and events

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

IMS Networks

IMS Networks

IMS Networks specializes in the design and management of high criticality networks and telecoms services including network security and Managed Security Services.

NRD Cyber Security

NRD Cyber Security

NRD Cyber Security create a secure digital environment for countries, governments, and organisations and implement cybersecurity resilience enhancement projects around the world.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

National Cryptologic Foundation (NCF) - USA

National Cryptologic Foundation (NCF) - USA

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

Xmirror Security

Xmirror Security

Xmirror Security focuses on integrated detection and defense of the continuous threat to the DevSecops software supply-chain with artificial intelligence technology as the core.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

Flare Systems

Flare Systems

Flare proactively detects and remediates exposure across the clear & dark web, providing organizations with the equivalent of an automated cyber reconnaissance team.

Abstract Security

Abstract Security

Abstract Security has created a revolutionary platform, equipped with an AI-powered assistant, to better centralize the management of security analytics.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

Corgea

Corgea

Corgea is AI-powered security platform that finds, triages and fixes your insecure code.