2021 Press Releases

June 08, 2021

EfficientIP and IDC: Threat Actors Diversify Their Toolkits Throughout Pandemic with DNS Attacks Costing Nearly US$1 Million Each

EfficientIP, a leading provider of network security and automation solutions specialising in DDI (DNS-DHCP-IPAM), announced the results of its 2021 Global DNS Threat Report. The annual research, which was conducted in collaboration with leading market intelligence firm International Data Corporation (IDC), sheds light on the frequency of the different types of DNS attack and the associated costs for the last year throughout the COVID-19 pandemic.
Nearly 90% of organisations (87%) experienced DNS attacks, with the average cost of each attack around US$950,000. The Report shows that organisations across all industries suffered an average of 7.6 attacks this past year. These figures illustrate the pivotal role of DNS for network security, both as a threat vector and security objective.
In terms of regional damage from DNS attacks, North America continued to have the highest average cost of attack at US$1,031,210. This is a modest decrease of about 4% from the year prior. Asia continues to experience increases in DNS attacks. The regional damage in 2021 went up 15% from the previous year. Countries which saw a significant increase in damages included Malaysia with 78%, the sharpest increase. The country’s average cost per attack was US$787,200 this year, compared to last year’s US$442,820. India, Spain and France are also seeing significant increases of 32%, 36% and 25%, respectively. Notably, damages in the U.K. declined by 27%. In Singapore, attacks fell 12% to US$898,180 in 2021.
The report has found that, throughout the past year during the pandemic, attackers have increasingly targeted the cloud, profiting from the reliance on off-premise working and cloud infrastructures. Around a quarter of companies have suffered a DNS attack abusing cloud misconfiguration, with almost half of companies (47%) suffering cloud service downtime as a result of DNS attacks. In Asia, 54% of respondents faced in-house app downtime and 52% faced cloud service downtime as a result of DNS attacks.
The Threat Report, now in its seventh year, also found a sharp rise in data theft via DNS, with 26% of organisations reporting sensitive customer information stolen compared to 16% in 2020’s Threat Report.
Evidence shows attackers are targeting more organisations and diversifying their toolkit—sometimes drastically. Threat actors relied on domain hijacking, where the user is connected not to the desired service but to a fake one, more than twice as often as last year. This year phishing also continued to grow in popularity (49% of companies experienced phishing attempts), as did malware-based attacks (38%), and traditional DDoS attacks (29%). The phishing rate in Asia is as high as 46%, making it the most-experienced type of attack among attack types including malware-based attacks, domain hijacking, cloud misconfiguration abuse, tunnelling and zero-day vulnerabilities.
Although the cost and variety of attacks remain high, there is a growing awareness of DNS security and how to combat these attacks.
76% of respondents in the 2021 Threat Report deemed DNS security a critical component of their network architecture. Additionally, the report found Zero Trust is evolving as a tool to protect networks in the remote era. 75% of companies are planning, implementing or running Zero Trust initiatives, and 43% of companies believe DNS domain deny and allow lists are highly valuable for Zero Trust for improving control over access to apps. The figures show that companies in Singapore and Malaysia also see the importance of Zero Trust, with 80% and 75% respectively planning, implementing or running Zero Trust initiatives.
The DNS Threat Report finds that the solutions organisations consider most effective for preventing theft include securing network endpoints (31%) and better threat monitoring and analysis of DNS traffic (26%).
“While it is positive that companies want to use DNS to protect their increasingly remote workforces, organisations are continuing to suffer the costly impacts of DNS attacks,” says Romain Fouchereau, Research Manager European Security at IDC. “As threat actors seek to diversify their toolkits, businesses must continue to be aware of the variety of threats posed, ensuring DNS security is a key priority to preventing these.”
DNS offers valuable information against would-be cybercriminals that is currently underutilised. According to results from the 2021 Threat Report, 25% of companies perform no analytics on their DNS traffic.
“This past year of the pandemic has shown us that DNS must play a role in an effective security system,” says Ronan David, VP of Strategy for EfficientIP. “As workers look to more permanently transition to off-premise sites, making use of cloud, IoT, edge and 5G, companies and telecom providers should look to DNS for a proactive security strategy. This will ensure the prevention of network or application downtime as well as protecting organisations from confidential data theft and financial losses.”
The report suggests three recommendations for protecting data, apps, cloud services and users, including enhancing the privacy of remote workers with a private DoH solution, eliminating cloud service downtime caused by cloud misconfigurations through automating life-cycle management of IP resources, and making DNS the first line of defence to stop the spread of attacks.