‘No DNS, no business’ is something that cybercriminals are well aware of and is, therefore, a popular attack vector. The good news is that companies are more aware of the problem, the bad news is that the bad guys are popping up in more and more places.
A recent IDC Infobrief survey, sponsored by Efficient IP, showed that 79% of respondents had experienced a DNS attack in the last year. 82% suffered downtime as a result and the average cost was $942,000.
While this may seem depressing, it is better than last year. Awareness of DNS security in the most recent survey was significantly higher than last year. 77% of respondents thought that DNS security was critical against 64% in 2019. Organisations that were victims of various types of DNS attacks fell from 82% to 79% in the 12 month period.
Sadly, the arena that is attacked most often is the telecoms and media sector, with an average of 11.4 attacks in the year, with 8% suffering a cost of over $5 million.
All in all this is encouraging but cyber criminals are not giving up lightly.
One recent ‘innovation’ from cyber criminals is a vector called ‘fleeceware’. Devious developers become part of Google Play and appear to be compliant. They use the power of Google to lure customers to download their app and then set about extorting them. Simple wallpapers can cost $92 a week. Once customers have downloaded and started to use an app, they begin to get messages urging them to pay for services which, in any sane person’s book are not premium. Often these messages are threatening.
COVID-19 has been a catalyst for many things, and has accelerated many emerging trends. The silver lining in the pandemic is that we are more aware of threats, we are more careful generally and our awareness of security is increasing.
All of which means we should not rest on our laurels. Far from it, we must be ever more aware of possible attacks on our DNS and we must keep our eyes open for new attack vectors such as fleeceware.
You can download the IDC report here.