DNS attacks Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

DNS attacks

Telecoms networks attacked the most by hackers

960 640 Stuart O'Brien

Telecoms organisations face the most DNS-based attacks, and each attack costs companies an average of £460,000 to remediate, according to a new cyber security report by EfficientIP.

EE, TalkTalk and other recent outages remind us of the pressure telecoms and their networks are beginning to face due to the rise of edge computing, mobile app usage and on-demand videos to name a few.

The findings from EfficientIP research on the global telecoms industry shows how much access into DNS Server is valued by cyber criminals. A successful cyber breach on a telecoms organisation could lead to a loss of revenue for businesses due to slower internet connections and no landline telephone services. The research found four key themes:

DNS-based attacks cost organisations globally £1.7 million on average every year across several industries.

  • 76% of all organisations globally were subjected to a DNS attack in the past twelve months, and 28% suffered data theft.
  • 42% of all respondents in the UK spent an entire business day (six hours) to restore their systems.
  • Top five security threats for Telecoms organisations are: DDoS (42%), Malware (36%), DNS Tunnelling (31%), Cache Poisoning (28%) and Zero-Day Exploits (20%).

Telecoms have suffered more attacks than any other sector surveyed, with organisations admitting to having faced four attacks on average over the last twelve months.

The average cost to fix a single attack is £460,000 in the telecoms sector, the highest in the survey. To put that into perspective, the average cost for the healthcare sector is £210,000.

Furthermore 5% of telecoms organisations surveyed admitted an attack cost them more than £3.75 million.

A quarter of telecoms organisations (25%) admitted they have lost sensitive customer information as a result of a DNS attack. This is higher than any other sector surveyed.

For 42% of telecoms companies surveyed, attacks resulted in in-house application downtime, which causes poor customer experience online. This number is the highest in the survey, tied with education (42%) and services (42%), followed closely by manufacturing (39%) and retail (37%), the lowest number going to the public sector (28%).

As recent cyber-attacks showed how crucial patching was to avoid easy exploits, telecoms have only applied an average of four patches out of the 11 critical patches recommended by ISC in 2016.

EfficientIP’s CEO, David Williamson, points out that recent news makes it more urgent than ever Telecoms organisations protect their networks from DNS-based attacks and improve their network management tools.

He said: “Telecoms organisations need to adapt to the new surge of cyber-attacks and cannot use yesterday’s security technology for today’s problems, otherwise short and long term costs could strike a severe blow to company revenues.” He added: “To face recent industry challenges and customers’ high performance expectations, the communications sector needs to change their approach to network management and incorporate automation as quickly as possible.”

UK Public and education sector face major DNS threats

960 640 Stuart O'Brien

New research has revealed DNS-based attacks cost global organisations an average of over £1.7 million in 2016 alone, with UK councils, Government offices and schools affected badly.

One in five (19%) of public sector sites and 11% of education bodies affected by DNS attacks say sensitive information was stolen, compared to 16% in the UK overall. A fifth (20%) of public sector and 12% of educational victims also think intellectual property data was lost compared to 15% for UK organisations overall, while 10% of schools and colleges affected say they needed to take more than one day to recover.

This is in the context of annual average costs of DNS security breaches to be now running at £1.7m ($2.2m) for organisations globally, with malware (35%), DDoS (32%), Cache Poisoning (23%), DNS Tunnelling (22%) and Zero-Day Exploits (19%) as the main threats.

The findings come from the 2017 Global DNS Threat Survey report, created by EfficientIP.

David Williamson, CEO of EfficientIP, pointed out that the imminent (May 2018) arrival of the General Data Protection Regulation (GDPR) should sound loud alarm bells for CIOs and CISOs working in the sectors. “In less than a year, GDPR will come into effect, so organisations really need to start rethinking their security in order to manage today’s threats and save their businesses,” he added.

Over a third (35%) of public sector organisations and a quarter (25%) of education organisations have been subjected to DNS-based Malware, DDoS (31% and 22%), Cache Poisoning (26% and 24%), DNS Tunnelling (20% and 19%) and Zero-Day attacks (19% and 13%) in the past year.

49% of education sector DNS victims also stated the size of the DDoS attack they faced was between 1Gbits/sec and 5Gbits/sec and almost a third (30%) between 5Gbits/sec and 10Gbits/sec.

Although 59% of public sector organisations and 57% of education organisations have a hosted/cloud DNS Appliance base, 36% and 35% respectively suffered cloud service downtime in the last 12 months.

“The results once again highlight that despite the evolving threat landscape and the increase in cyber-attacks, organisations across the globe and their IT departments still don’t fully appreciate the consequences of DNS-based attacks,” added Williamson.

To read the full report, click here