This week, Apple released a crucial security patch for its AirPort routers. As PC World noted:
… the flaw is a memory corruption issue stemming from DNS (Domain Name System) data parsing that could lead to arbitrary code execution.
I don’t write much about DNS security, and maybe I should. A couple of recent studies show how vital it is and how much a DNS-related security incident can cost you.
Infoblox, for instance, just released the results of its first Infoblox Security Assessment Report, covering the first quarter of 2016, finding that four out of five networks showed evidence of malicious DNS activity. As the report explained:
DNS is a unique and ubiquitous protocol, and can also be a powerful enforcement point within the network. When suspicious DNS activity is detected, network administrators and security teams can use this information to quickly identify and remediate infected devices — and can use DNS firewalling as well to prevent malware inside the network from communicating with command-and-control servers or exfiltrating data.
The specific threats found in files during the first quarter, by percentage, are:
- Botnets – 54 percent
- Protocol anomalies – 54 percent
- DNS tunneling – 18 percent
- ZeuS malware – 17 percent
- Distributed denial of service (DDoS) traffic – 15 percent
- CryptoLocker ransomware – 13 percent
- Amplification and reflection traffic – 12 percent
- Heartbleed – 11 percent
As Craig Sanderson, senior director of security products at Infoblox, explained in a formal statement:
The prevalence of these attacks shows the value of DNS in finding threats aimed at disrupting organizations and stealing valuable data, as well as the extent to which organizational infrastructure can be hijacked to mount attacks on third parties.
However, companies aren’t doing enough to protect themselves from a potential DNS attack, according to research from EfficientIP. Three quarters of those surveyed admitted to being hit by a DNS attack, but only 59 percent were using any type of DNS security tools. And 25 percent of those not implementing DNS security were hit with financial losses up to a million dollars in downtime and lost business. David Williamson, CEO of EfficientIP, said in a statement:
The report has highlighted that despite the massive increase in cyber attacks, companies and their IT departments still don't fully appreciate the risks from DNS-based attacks. In just under two years, GDPR will come into effect and companies will be held responsible for all security breaches and could face major fines. It's crucial for all businesses to start taking DNS security seriously.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba