As a core backbone of Internet infrastructure, Domain Name Service (DNS) acts as the phone book of the Internet. It routes users looking for a specific domain name to the resources at the IP address associated with that domain. When it runs the way it is supposed to, it is nearly invisible to the typical user, and even to many technical administrators. This lends an air of obscure simplicity that leads many organizations to assume that DNS is a background service that doesn't require more than basic protection and is covered by other Web and email defenses.
That couldn't be further from the truth. A new report from Dark Reading outlines the threats against DNS and what organizations should do to secure DNS infrastructure.
Some of the most common DNS attacks include:
- Denial of service, which overwhelms DNS services with traffic to disrupt or disable DNS service at an organization.
- DNS cache poisoning, which manipulates the DNS cache to redirect users trying to go to a legitimate domain to a malicious IP address.
- DNS hijacking, which changes the DNS records of a domain to redirect users to a malicious IP.
- DNS tunneling, which leverages outbound DNS traffic to smuggle data gathered through malware exploitation back to attackers' C2 infrastructure.
- Dangling DNS, in which an attacker takes over an unused subdomain on cloud and other infrastructure to impersonate a brand or to use it as a foothold for other attacks.
To ensure the proper security of DNS infrastructure, organizations need a solid combination of strong security hygiene around DNS infrastructure and records management, close monitoring of DNS traffic, effective filtering, and deployment of more advanced protocols, like DNSSEC. The cost of not employing these measures can be high. The average cost of a successful DNS attack is upward of $1 million.
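One way to approach the close monitoring of DNS traffic mentioned above, as an added example that is not taken from the Dark Reading report: a heuristic that flags client/domain pairs issuing many long, high-entropy subdomain queries, the pattern DNS tunneling tends to produce. The log format, thresholds, addresses and domain names are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

MIN_UNIQUE = 4      # distinct subdomains per client/domain before scoring
MIN_MEAN_LEN = 30   # mean subdomain length (characters)
MIN_ENTROPY = 3.5   # Shannon entropy, bits per character

def sample_log():
    """Constructed resolver log: '<client> <qname> <qtype>' per line."""
    lines = [f"10.0.0.5 {h}.example.com A" for h in ("www", "mail", "api", "cdn", "static")]
    lines.append("10.0.0.7 a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.verify.example.org TXT")
    for i in range(6):  # constructed encoded-looking labels for the detector to find
        blob = hashlib.sha256(f"chunk{i}".encode()).digest()[:25]
        label = base64.b32encode(blob).decode().lower()
        lines.append(f"10.0.0.9 {label}.t.tunnel-test.invalid TXT")
    return lines

def entropy(text):
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_tunnel_candidates(lines):
    """Return {(client, base_domain): stats} for pairs exceeding all thresholds."""
    seen = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, _qtype = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain to carry data
        # Assumption: base domain = last two labels (a real deployment
        # would use the Public Suffix List).
        base = ".".join(labels[-2:])
        seen[(client, base)].add("".join(labels[:-2]))
    flagged = {}
    for key, subs in seen.items():
        mean_len = sum(map(len, subs)) / len(subs)
        ent = entropy("".join(subs))
        if len(subs) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and ent >= MIN_ENTROPY:
            flagged[key] = {"unique": len(subs), "mean_len": round(mean_len, 1), "entropy": round(ent, 2)}
    return flagged

if __name__ == "__main__":
    for (client, domain), stats in find_tunnel_candidates(sample_log()).items():
        print(client, domain, stats)
```

Requiring all three signals together keeps ordinary browsing (many short hostnames) and one-off long verification records from being flagged; thresholds need tuning against a baseline of the organization's own traffic.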
When attacks happen, sometimes the best that many organizations can do is to literally pull the plug on their DNS or network infrastructure.
The Dark Reading report, "Everything You Need to Know About DNS Attacks," explores the nuances of the DNS security awareness gap, including why organizations are struggling to implement a full slate of DNS security measures and what it will take to combat these common DNS attacks. The report examines how to harden DNS infrastructure from attacks, the importance of creating more visibility around DNS, and how DNS protection measures can actually be used to improve other areas of cybersecurity awareness.