
DNS-based attacks are on the rise

By Sibahle Malinga, ITWeb senior news journalist.
Johannesburg, 15 Jun 2016
The financial and reputational damage from DNS-based attacks runs well into the billions of dollars, says Arbor Networks' Bryan Hamman.

Criminal extortion emerged as the number one motivation behind Domain Name System (DNS) attacks, overtaking vandalism and ideological hacktivism, according to a recent Arbor Networks Annual Worldwide Infrastructure Security Report.

These findings, says the report, reflect the increasing 'professionalism' of the criminal threats, and the higher financial risk that organisations are now facing.

The Arbor Networks Annual Worldwide Infrastructure Security Report provides insight into the nature of today's network security threats, and the ways in which enterprise network operators and service providers are facing up to these attacks.

The study further found one third of respondents had experienced DDOS attacks against their DNS infrastructure in the past year - almost double the number from the previous year.

Over 350 international organisations that provide network infrastructure for thousands of companies all over the world were surveyed for the study. Twenty-nine percent of these respondents operate in the Middle East and Africa region, making the report relevant to local businesses.

The majority of responses (52%) came from service provider organisations such as cloud service, wireline broadband and data centre services, representing a more diverse view of different types of networks. The rest were enterprise verticals specialising in technology, finance, insurance, media and more.

Bryan Hamman, territory manager for Sub-Saharan Africa at Arbor Networks, says as network providers accelerate their use of Internet Protocol Version 6, there have been more volatile network environments with wider attack surfaces.

"The most alarming findings are that 26% of enterprise network operators still have no formal security group responsible for DNS infrastructure - creating the ideal incentive for attackers to intensify efforts towards those with weaker security postures.

"The financial and reputational damage from these attacks runs well into the billions of dollars," he asserts.

This onslaught, adds Hamman, has spurred organisations to bolster their investments in security tools and processes to deal with attacks.

"Respondents noted that NetFlow analysers are the most effective way of detecting threats, and also the most commonly deployed. However, the second most used detection tool, firewall logs, ranked a lowly sixth in terms of effectiveness," he pointed out.

Organisations relying on firewall logs alone are unlikely to prevent all DDOS threats, warned Hamman.

According to Network World, DNS-based attacks are on the rise because many organisations don't realise DNS is a threat vector and therefore don't protect it.

"The problem with traditional firewalls is that they leave port 53 open, which is for DNS queries. So they are not always effective in protecting against DNS-based DDOS attacks such as amplification, reflection, etc.

"They require extremely high computer performance to accurately detect DNS-based attacks, making deep inspection an impractical approach in terms of cost and the number of distribution points that are needed. Hence traditional protection is ineffective," says the Web site.

EfficientIP, provider of DDI solutions, recently released a DNS Security Report which looks at the technical and behavioural causes for the rise of DNS vulnerabilities and the potential business effects.

The study discovered that 74% of CSOs and network directors had been victims of DNS attacks. However, despite 79% being aware of the risks associated with DNS, only 59% were using any form of DNS security.

Hamman says while local organisations now have unprecedented opportunities to reach global consumers, through highly-networked, digital marketplaces, the corollary to this is that SA companies move into the firing line for some of the world's most aggressive DNS attack syndicates.

"South African organisations will likely see an increase in the volume and severity of network attacks over the coming years, as hackers continue to search for targets that offer the best possible chance of successful attacks," he concludes.
