Authored by: Nick Itta, VP, Asia Pacific, EfficientIP
The financial sector has gradually outsourced its banking and financial services, migrated apps and data to the cloud, and developed platforms allowing customers to carry out their transactions online.
The development of digital banking has given banks and financial institutions more convenient ways to capture digitally enabled consumers. Southeast Asia remains a key region in this respect, considered a hotbed for innovation and home to Asia’s largest digital economy.
However, digitising banking services and their associated data increases exposure to cyberattacks, and the potential reward for successfully compromising a financial institution is huge. In particular, attacks targeting DNS are increasingly prevalent because of its criticality to the network: almost every network connection begins with a DNS lookup, so a single attack can take the network down. In February and June, we saw attacks on AWS and Akamai respectively. Closer to home in Singapore, last October saw some brokerages hit by DDoS attacks that disrupted services.
Indeed, findings in the IDC 2020 Global DNS Threat Report show that 76% of financial organisations in Asia consider DNS security to be of high importance. Even so, cyberattacks on the financial sector remain among the most costly: according to the same report, DNS attacks in financial services cost nearly $1.3 million per attack, significantly higher than the average damage cost of $924,000 across all sectors.
App and cloud service downtime have costly impacts
The overall cost of these attacks includes the cost of mitigation, full-time-equivalent (FTE) hours spent, and business damage. The financial sector, like other sectors, suffers many impacts from a DNS-based attack. Among the top impacts highlighted in the report were cloud service downtime and in-house app downtime (53% and 59%, respectively).
Compared to the average, financial institutions also suffered higher rates of loss of business: 35%, compared to the average of 29%; brand damage: 32%, compared to 29%; and sensitive customer information stolen: 17%, compared to 16%. The top methods of attacks in the financial sector were DNS-based malware (42%), phishing (39%), and DDoS attacks (33%).
Existing countermeasures to combat DNS attacks are not sufficient. Shutting down the affected processes (58%) or disabling affected apps (49%) leaves customers without access to their data or services for a period of time. It takes nearly five hours for financial organisations to mitigate an attack, which only increases the potential for financial losses and affects their reputation.
Elevate DNS Security with a Zero Trust strategy using UBA
To be sufficiently protected from these and similar attacks, organisations should ensure their networks comply with IT hygiene rules and accelerate investment in DNS security. Among the available approaches, a Zero Trust strategy is particularly effective. The 2020 DNS Threat Report found the financial sector is more likely to implement Zero Trust, with 39% having implemented or piloted Zero Trust, compared to an average of 31% across all sectors.
A successful Zero Trust approach requires elevated DNS security, implemented through advanced threat detection capabilities with user behavioural analytics (UBA). Insight from internal DNS traffic analysis, particularly about client behaviour, offers the opportunity to enhance threat intelligence and domain filtering; this is what the DTI (DNS Transaction Inspection) function provides. Machine learning tools enable the detection of zero-day malicious domains (those not yet known to be malicious) and domain generation algorithms (DGAs). These options prove very useful against modern-day attacks, which are increasing in frequency and intensity and will continue to do so as the threat environment develops with technological advancement.
Protecting data and reducing threat complexity for SOAR
DNS traffic analysis is also essential for protecting data. During data exfiltration via DNS, the stolen information is hidden inside what looks like normal network traffic, so it often goes unnoticed by tools such as firewalls. Measures that go beyond blacklisting to focus on contextual client behaviour are far more effective at closing back doors to data theft and combating ransomware. According to the report, 31% of financial institutions view better monitoring and analysis of DNS traffic as their top priority for protecting data confidentiality on their network.
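To make the two detection ideas above concrete (behaviour-based spotting of DGA-style lookups from the previous section, and of DNS-based exfiltration from this one), here is an added Python example written for this article; it is not EfficientIP code and not the DTI function. The log format, client addresses, domains and thresholds are all constructed assumptions, and the registered-domain extraction is a deliberate simplification (a production system would use the Public Suffix List and tuned per-client baselines rather than fixed cutoffs).

```python
"""Heuristic analysis of DNS query logs for DGA-style lookups and DNS tunnelling.

Added example, not EfficientIP/DTI code. Log format and thresholds are assumptions.
"""
import math
import re
from collections import defaultdict

# Constructed sample log (not real traffic). Format: "<timestamp> <client> <qtype> <qname> <rcode>".
# 10.0.1.23 is a benign client, 10.0.1.40 moves data in TXT lookups to many unique
# subdomains, 10.0.1.77 resolves a series of random-looking domains that do not exist.
SAMPLE_LOG = """\
2020-10-05T09:12:01Z 10.0.1.23 A mail.example-bank.sg NOERROR
2020-10-05T09:12:02Z 10.0.1.23 A www.example-bank.sg NOERROR
2020-10-05T09:12:03Z 10.0.1.23 AAAA cdn.example-bank.sg NOERROR
2020-10-05T09:12:04Z 10.0.1.23 A wwww.example-bank.sg NXDOMAIN
2020-10-05T09:13:10Z 10.0.1.40 TXT 4a6f686e20446f65.31323334353637.tunnel-example.net NOERROR
2020-10-05T09:13:11Z 10.0.1.40 TXT 2d2d2d41434354.4e554d3a3030312d.tunnel-example.net NOERROR
2020-10-05T09:13:12Z 10.0.1.40 TXT 53472d3132333435.36373839303132.tunnel-example.net NOERROR
2020-10-05T09:13:13Z 10.0.1.40 TXT 42414c414e43453a.3132302c3030302e.tunnel-example.net NOERROR
2020-10-05T09:13:14Z 10.0.1.40 TXT 3030204f57455220.544f20414343542e.tunnel-example.net NOERROR
2020-10-05T09:13:15Z 10.0.1.40 TXT 39383736353433.32313233343536.tunnel-example.net NOERROR
2020-10-05T09:14:01Z 10.0.1.77 A xk3jq9wzplm.com NXDOMAIN
2020-10-05T09:14:02Z 10.0.1.77 A qzv8nr2tkd.net NXDOMAIN
2020-10-05T09:14:03Z 10.0.1.77 A bw7hyx4cgvs.org NXDOMAIN
2020-10-05T09:14:04Z 10.0.1.77 A mrt6lpkz3fa.info NXDOMAIN
2020-10-05T09:14:05Z 10.0.1.77 A gd9vjxq2wnb.biz NXDOMAIN
2020-10-05T09:14:06Z 10.0.1.77 A hk4sypmz7cq.xyz NXDOMAIN
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(text: str) -> float:
    """Bits per character of a label; random-looking labels score higher than words."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qtype, qname, rcode = m.groups()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.lower().rstrip("."), "rcode": rcode.upper()}


def registered_domain(qname: str) -> str:
    """Assumption: the registered domain is the last two labels (no Public Suffix List here)."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def analyze(lines, tunnel_min_unique=5, tunnel_min_len=40, dga_min_nx=5, dga_min_entropy=3.0):
    """Return a list of findings keyed on client behaviour rather than on a domain blacklist."""
    per_pair = defaultdict(lambda: {"subdomains": set(), "total_len": 0, "count": 0, "txt_null": 0})
    nx_by_client = defaultdict(set)  # registered domains that returned NXDOMAIN, per client
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        rd = registered_domain(rec["qname"])
        stats = per_pair[(rec["client"], rd)]
        stats["count"] += 1
        stats["total_len"] += len(rec["qname"])
        sub = rec["qname"][: -len(rd) - 1] if rec["qname"] != rd else ""
        if sub:
            stats["subdomains"].add(sub)
        if rec["qtype"] in ("TXT", "NULL"):  # record types with room for bulky payloads
            stats["txt_null"] += 1
        if rec["rcode"] == "NXDOMAIN":
            nx_by_client[rec["client"]].add(rd)

    findings = []
    # Tunnelling signal: one client, one domain, many never-repeated long subdomains.
    for (client, rd), stats in sorted(per_pair.items()):
        avg_len = stats["total_len"] / stats["count"]
        if len(stats["subdomains"]) >= tunnel_min_unique and avg_len >= tunnel_min_len:
            findings.append({"type": "possible_dns_tunnelling", "client": client, "domain": rd,
                             "unique_subdomains": len(stats["subdomains"]),
                             "avg_qname_len": round(avg_len, 1),
                             "txt_null_queries": stats["txt_null"]})
    # DGA signal: one client, many distinct high-entropy domains that do not resolve.
    for client, domains in sorted(nx_by_client.items()):
        if len(domains) >= dga_min_nx:
            mean_ent = sum(shannon_entropy(d.split(".")[0]) for d in domains) / len(domains)
            if mean_ent >= dga_min_entropy:
                findings.append({"type": "possible_dga_beaconing", "client": client,
                                 "nxdomain_domains": len(domains),
                                 "mean_sld_entropy": round(mean_ent, 2)})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

Run against the constructed log, the script reports the TXT-heavy client as possible tunnelling and the NXDOMAIN-heavy client as possible DGA beaconing, while the benign client's single typo lookup stays below the thresholds. Each finding carries the evidence fields a SOC would want when the event is forwarded to a SIEM.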
According to the DNS Threat Report, other focus areas include better automation of network security policies (43% still use mainly manual processes), and sharing actionable DNS security event information with SIEM/SOCs to help forensics, overcome breach fatigue, and ease threat remediation.
The risk of attacks on the financial sector has only increased since the advent of mass remote working: people working from home are more likely to use less secure connections and are more reliant on the cloud. According to VMware data, global financial institutions consequently faced a tripling of cyber attacks (+238%) between February and April 2020. Adopting a security-by-design framework and making DNS security a priority is fundamental to safeguarding financial systems, especially amid the disruption of the pandemic era.