While organizations strive to keep their internal environments safe, it is also crucial to counter internet-based threats. The FBI’s Internet Crime Report 2018 states that internet-based exploitation, fraud and theft were responsible for about $2.7 billion in financial losses in 2018. Researchers find that cybercriminals exploit the Domain Name System (DNS) in most internet-based and web application attacks.
For instance, consider the attack on the cloud-based messaging app Telegram, through which APT34’s hacking tools, as well as data belonging to victims, have been exposed since March 2019.
It is therefore necessary for organizations to take measures for protecting their networks and end users from internet-based attacks.
DNS is the most commonly exploited tool for such attacks, which are initiated through phishing. Therefore, Paul Griswold from IBM Security suggests that organizations should not consider the DNS they receive from their Internet service providers ‘clean’. Not being skeptical about ISP-provided DNS may lead to harsh consequences. Domain assets need more attention to avoid security glitches.
When domain registries aren’t fully managed, DNS attacks may follow, adds Griswold, saying that the domain registries can be repurchased and the domains can be exploited to compromise the DNS servers.
Although major internet-based attacks arise out of DNS exploitation, vulnerable web applications are the reason for major security glitches and may also yield harsh consequences for organizations. Users often run vulnerable versions of these web applications, adding to the probability of cyber-attacks.
Additionally, with the proliferation of IoT-based endpoints and devices, attack vectors are increasing exponentially, and the internet arena is becoming more and more threatening for organizations.
To protect their integrity against internet-based attacks, organizations need to reinforce strong security measures that block threats coming from the internet. Advanced DNS analytics also provide organizations with advanced threat intelligence for enhancing the detection of malicious tools and compromised devices. Such threat intelligence greatly helps prevent cyber-attacks across the network.
Looking at the growing number of DNS-based cyber-attacks, experts suggest that organizations should also introduce redundancy at all levels of a server infrastructure, including the DNS host. Redundancy means deploying a secondary DNS network, so that traffic can move from a failing server to a live redundant server that takes over the queries for the former.
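One way to check whether a zone's delegation actually has the redundancy described above, as an added example that is not from the article or from any vendor it quotes. The nameserver names and addresses are constructed, and treating the last two labels of a hostname as the DNS operator and a shared /24 (IPv4) or /48 (IPv6) as "the same network" are assumptions of this sketch.

```python
import ipaddress


def provider_of(ns_host):
    # Assumption: the last two labels identify the DNS operator.
    # No public-suffix handling, so names under e.g. co.uk group too coarsely.
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def network_of(addr):
    # Assumption: servers in one /24 (IPv4) or /48 (IPv6) share fate.
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def audit_ns_redundancy(ns_records):
    """ns_records maps each NS hostname to the list of its addresses."""
    providers = {provider_of(host) for host in ns_records}
    networks = {network_of(a) for addrs in ns_records.values() for a in addrs}
    findings = []
    if len(ns_records) < 2:
        findings.append("single nameserver")
    if len(providers) < 2:
        findings.append("single provider")
    if len(networks) < 2:
        findings.append("single network")
    return {
        "providers": sorted(providers),
        "networks": sorted(networks),
        "findings": findings,
    }


# Constructed sample delegations (documentation address ranges only).
PRIMARY_ONLY = {
    "ns1.dns-a.example": ["192.0.2.10"],
    "ns2.dns-a.example": ["192.0.2.20"],
}
WITH_SECONDARY = dict(PRIMARY_ONLY, **{"ns1.dns-b.example": ["198.51.100.5"]})

if __name__ == "__main__":
    for label, zone in (("primary only", PRIMARY_ONLY),
                        ("with secondary", WITH_SECONDARY)):
        print(label, audit_ns_redundancy(zone))
```

Two nameservers from one operator in one network still count as a single point of failure here, which is the case a secondary DNS network is meant to remove.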
Keeping in view the threats coming from the expansive internet arena, NS1’s Zeman recommends the following precautions for organizations:
Keeping in view the harsher consequences of DNS attacks and web application attacks on businesses, organizations should prioritize DNS protection and the patching of vulnerable web applications, as both are crucial for overall network security.