DNS attacks have grown in both cost and frequency. This is according to findings from the Domain Fraud Threats Report by Proofpoint. The report found that Chengdu West Dimension Digital, NameSilo, Public Domain Registry and GoDaddy are the top fraudulent domains.
Of the millions of fraudulent domains that were registered, 25 per cent have security certificates. In addition, more than 90 per cent remain active on a live server. Finally, more than 15 per cent have mail exchanger records.
“Fraudulent domains ‘hide in plain sight’ by using many of the same top-level domains (TLDs), registrars, and web servers as legitimate domains. For example, 52% of all new domain registrations in 2018 used the .com TLD. The TLD was similarly popular with fraudsters: nearly 40% of new fraudulent domain registrations used .com,” Proofpoint’s Ali Mesdaq wrote in a blog post back in June.
The rise in DNS attacks
In related news, according to findings by IDC’s 2019 Global DNS Threat Report, commissioned by Efficient IP, DNS attacks cost an average of $1.07 million for organizations. This is a large jump of 49 per cent from last year.
A significant number of organisations have seen a 34 per cent increase in DNS attacks since 2018. Despite this, more than 85 per cent of top retail brands found domains selling counterfeit versions of their products. What’s more, 63 per cent of organisations suffered application downtime. The report also discovered that 45 per cent of organisations had their websites compromised. As well as this, 27 per cent experienced business downtime.
“One in five businesses lost over $1 million per attack and causing app downtime for 63% of those attacked,” a June press release said. The study also made note of the changing popularity of attack types. This reflects a shift from volumetric to low signal and includes, phishing, malware-based attacks and distributed denial of service (DDoS).
“With an average cost of $1m per attack and a constant rise in frequency, organizations just cannot afford to ignore DNS security and need to implement it as an integral part of the strategic functional area of their security posture to protect their data and services,” said Romain Fouchereau, research manager European security at IDC.
Prepare for any potential threat by joining us for ECS UK
Join us on 24th September for Whitehall Media’s 4th Enterprise Cyber Security conference where we bring together hundreds of cybersecurity and InfoSec specialists from both the public and private sector committed to protecting the largest organisations from a growing cyber threat. Covering secure systems, new threats and defences and the ways organisations can adapt to provide the best possible security for their customers and employees.