DNS attacks on the rise in APAC

Attacks on the domain name system in Asia-Pacific grew by 15% last year, with Malaysian organisations seeing the sharpest rise in damages among countries in the region

Cyber attacks on domain name systems (DNS) targeted at organisations in Asia-Pacific (APAC) grew by 15% in 2020, leading to downtime, theft of customer information and other damages, a study has found.

According to EfficientIP’s 2021 Global DNS threat report, Malaysia saw the sharpest increase in damages at 78%, with the average cost per DNS attack growing from $442,820 in 2019 to $787,200 last year.

In India, the cost of DNS attacks on organisations grew 32% in 2020, while that of Singapore fell 12% to $898,180 compared to the previous year.

When it comes to threat vectors, cyber attackers have been targeting the cloud, profiting from growing usage of public cloud infrastructure.

Around a quarter of companies have suffered a DNS attack that took advantage of cloud misconfigurations, with almost half (47%) suffering cloud service downtime as a result. In Asia, 54% of respondents faced in-house app downtime and 52% faced cloud service downtime due to DNS attacks.

The global research, conducted by IDC across North America, Europe and APAC, also found a sharp rise in data theft via DNS, with 26% of organisations reporting sensitive customer information stolen compared to 16% in the previous year.

Meanwhile, there is growing evidence that cyber attackers are targeting more organisations and diversifying their toolkits – sometimes drastically. Specifically, more threat actors are employing domain hijacking, where users are connected not to the desired service but to a fake one, more than twice as often as before.

Phishing also continued to rear its ugly head, with nearly half of organisations experiencing phishing attempts, as did malware-based attacks (38%) and traditional distributed denial-of-service attacks (29%). India had the highest phishing rate in Asia (49%), followed by Singapore (46%) and Malaysia (43%).

Although the cost and variety of DNS attacks remain high, there is growing awareness of DNS security and how to combat these attacks.

About three quarters of respondents deemed DNS security a critical component of their network architecture. Additionally, 75% of companies are planning, implementing or running zero-trust initiatives, and 43% of companies believe DNS domain deny-and-allow lists are highly valuable for zero trust because they improve control over access to apps.

Organisations in Singapore and Malaysia also see the importance of zero-trust initiatives, with 80% and 75%, respectively, planning, implementing or running them.

“While it is positive that companies want to use DNS to protect their increasingly remote workforces, organisations are continuing to suffer the costly impacts of DNS attacks,” said Romain Fouchereau, a research manager at IDC.

“As threat actors seek to diversify their toolkits, businesses must continue to be aware of the variety of threats posed, ensuring DNS security is a key priority to preventing these,” he added.

Although DNS offers valuable information that can be used to fend off cyber attacks, 25% of companies do not analyse their DNS traffic, according to the study.

“This past year of the pandemic has shown us that DNS must play a role in an effective security system,” said Ronan David, vice-president of strategy at EfficientIP.

“As workers look to permanently transition to off-premise sites, making use of cloud, IoT, edge and 5G, companies and telecom providers should look to DNS for a proactive security strategy. This will ensure the prevention of network or application downtime as well as protecting organisations from confidential data theft and financial losses,” he added.
