igor - Fotolia

High percentage of education organisations were victims of DNS attacks in 2016, survey finds

The majority of worldwide education organisations were hit with a DNS attack in 2016, according to a survey from EfficientIP

Nearly 80% of education organisations were victims of at least one DNS attack in the past year, according to research from EfficientIP.

The Global DNS threat survey report questioned IT and business executives from 1,000 organisations worldwide to find out what types of DNS attacks they were aware of, how they prepared against them and the impact of an attack.

Organisations in the transport sector were the worst hit, with 85% saying they were victims of a DNS attack. The lowest hit sector was communications at 74%.

DNS tunnelling was the most well-known type of attack, with 40% of worldwide education organisations saying they were aware of it.

Furthermore, 39% were aware of DNS-based malware and 34% knew of distributed denial of a service (DDoS). But Herve Dhelin, senior vice-president of strategy at EfficientIP, said these numbers are too low.

“There is a problem of awareness about DNS-based threats in general,” he said. “It’s strange, the lack of awareness. If we look to the statistics, more than 40% of public sector organisations suffered a DNS-based attack every quarter.”

Dhelin said the majority of respondents use firewalls or next-generation firewalls to protect their DNS infrastructure, but these are not the best solutions. “[Businesses] think they are protected – they invested a lot of money in this kind of security solution. It’s good, it works, but not for DNS,” he said.

“You can easily exfiltrate data from any organisation using the DNS protocol, and all the firewalls on the planet will be blind. So the maturity and awareness about the threat landscape on DNS infrastructure is really low.”

According to the research, when 11 “critical” security patches were released simultaneously in 2016, 89% of education organisations only applied between four and 10 of them.

Read more about DNS attacks

The survey also found that 30% of public sector organisations closed a specific process after being attacked, which Dhelin described as another wrong decision.

“What they are doing is exactly what the hacker was trying to achieve – to stop a service. It’s not the right action to take because your customers are suffering because you’re disabling an application,” he said.

Being aware of DNS threats is becoming more important as the number of attacks is increasing, said Dhelin, adding that there will be an increase of between 5% and 15% year-on-year for attacks across different sectors.

Read more on Security policy and user awareness