Nearly three-quarters (72%) of organizations have suffered a domain name system (DNS) attack in the past 12 months, according to a new study by the Neustar International Security Council (NISC).
Of those organizations affected, 61% were targeted on multiple occasions, while 11% have been victimized regularly.
While Neustar noted that DNS attacks are generally a lower concern for security pros than vectors like ransomware, distributed denial-of-service (DDoS) and targeted account hacking, they are becoming increasingly menacing to organizations. According to its latest study, 55% of security professionals consider DNS compromise an increasing threat; this compares to 47% in October 2020.
The most common types of DNS attacks experienced were DNS hijacking (47%), DNS flood, reflection or amplification attacks that segued into DDoS (46%), DNS tunneling (35%) and cache poisoning (33%).
The 302 security professionals from six EMEA and US markets included in the survey were also asked about the damage caused by these incidents. Among those organizations targeted, 58% saw their businesses disrupted for over an hour, 14% took several hours to recover. However, around one-third were able to recover within minutes.
Website disruptions are becoming increasingly damaging to businesses amid the digital shift during COVID-19. More than nine in 10 (92%) respondents agreed their organization’s website is vital to business continuity and customer fulfillment at some level, with 16% entirely enabled by it. Over half (56%) said their website has a significant role in day-to-day activity, and only 8% of organizations believe they can continue conducting business without their website.
Despite this, just 31% of respondents were confident in their organization’s ability to deal with a DNS attack that could take their website offline. Furthermore, over a quarter (27%) admitted they were not confident.
Michael Kaczmarek, vice president of product management for Neustar Security Solutions, commented: “Organizations are challenged to keep pace with emerging security threats in an increasingly borderless digital landscape. Although some attack vectors may not be as visible or pose as imminent a threat as others, it is clear bad actors will exploit any vulnerability they can find sooner rather than later, and they will cost organizations valuable time, resources and business.”
He added: “The latest data indicates that organizations need to remain vigilant, close security gaps, and patrol for potential breaches around the clock.”