In the wake of Russian hacking, DDoS attacks and DNS attacks seem to be in full bloom.
French President Emmanuel Macron fell prey to hacking – just before an election. After a flurry of nearly 3000 attempts to take down then-candidate Macron’s campaign, one DNS DDoS attack took down his website for a short while. Before this incident, in October of 2016, DNS provider Dyn was attacked by the hacker group Anonymous, causing a denial of service to a multitude of sites in Europe and North America.
For anyone who relies on their website to be up, running, and ready, stand by for heavy seas. DDoS attacks are taking place at alarming rates and the worst may be yet to come. It could be devastating.
According to research conducted by Sterling, Virginia-based Neustar Inc., DDoS attacks are becoming bigger, harder and stronger. They report 849 out of 1,010 organizations surveyed were attacked. The attacks weren’t concentrated in any particular industries, but spread out across a wide industry range. The number of attacks has increased 15 percent since 2016 and 86% of those attacked were also hit more than once.
Why DNS attacks? Because for cybercriminals DNS attacks are a surefire way to not just cause damage, but ensure that damage occurs on a broad scale. This is why every security professional in the digital stratosphere needs to be concerned.
Gartner advised in their 2016 report, Hype Cycle for Infrastructure Protection, that “DDoS mitigation services should be a standard part of business continuity/disaster recovery planning, and should be included in all internet service procurements when the business depends on the availability of internet connectivity.”
So just what makes a DNS attack such a concern?
- Its Potential. It stops all activity for a long time. When hackers hit with a DNS attack, many websites are affected. And downed websites tend to stay offline for a while. While they’re down, so are all your operations. Research by Neustar found half of all companies they studied over the last five years experienced a downtime event lasting more than 8 hours. The frequency of events and perhaps their duration is likely to grow.
- Its Pathway. DNS is the sole gateway and thus a single point of failure. Even top domains use only one DNS provider. Attack the provider and you take one attack and multiply it by the number of affected domains. That provider and all of its operations – customers, operations, and interactions – are all offline until things are repaired and the situation remediated. When a single DNS provider, who serves multiple clients, is attacked, so are all their clients. The second bad practice, which is still being used by the majority of top domains, is single-homing DNS management. Companies that relied on a single DNS provider suffered massive DNS outages after the famed worldwide outage last October. A major DNS provider was downed by a DDoS attack, which in turn knocked thousands of large domains offline. Top sites that rely on more than one DNS provider have reduced risk, as their site may not be out entirely. It’s great for those who work with more than one provider, but many do not.
- Its Vulnerability. DNS providers are more vulnerable to hackers. According to Neustar, three fourths of US and UK-based organizations have experienced a DNS attack. Half of these uncovered some sort of DNS-based attack in the previous 12 months. With this frequency, everyone is vulnerable. Hackers are able to cause the most damage with a fixed amount of effort. They may redirect visitors to a site that they control and commandeer. For the hacker, it fulfills their goal and inflicts the right amount of pain. Every domain is vulnerable.
- Its Cost. Downtime is costly. No business is transacted when a site is down. Plus, it takes investment to find and patch the pathway of the attack. Then the damage requires “mopping up” as customer data is compromised, notifications are sent out, media stories are launched, and a flurry of calls are handled as the entire nightmare is remediated. Adrienne Lafrance wrote in The Atlantic (How Much Will Today’s Internet Outage Cost?, October 21, 2016) that “For some companies, the cost of an attack can exceed $100,000 per hour. Given that the majority of attacks continue for more than six hours, these losses add up quickly. In a particularly stark example, the airline Virgin Blue lost $20 million in period of IT outages that spanned 11 days in 2010.”
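
The single-provider dependency described under "Its Pathway" can be audited from a domain's NS records. The following is an added example, not part of the original article: it parses NS answers in zone-file form, groups nameservers by operator, and lists which zones would go dark if one provider were unreachable. The zone names, provider names, alias map, and the "last two labels" operator heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample NS answers in zone-file form: owner, TTL, class, type, target.
SAMPLE = """
; constructed data, not real measurements
shop.example.   3600 IN NS ns1.provider-a.example.
shop.example.   3600 IN NS ns2.provider-a.example.
bank.example.   3600 IN NS ns1.provider-a.example.
bank.example.   3600 IN NS dns1.provider-b.example.
news.example.   3600 IN NS pdns1.provider-c.example.
news.example.   3600 IN NS pdns2.provider-c-alt.example.
"""

# Assumption: one operator may run nameservers under several domains,
# so two NS domains do not always mean two independent providers.
ALIASES = {"provider-c-alt.example": "provider-c.example"}

def provider_of(ns_host, aliases=ALIASES):
    """Heuristic: treat the last two labels of the nameserver name as its operator."""
    labels = ns_host.rstrip(".").lower().split(".")
    key = ".".join(labels[-2:])
    return aliases.get(key, key)

def parse_ns(text):
    """Return {zone: set of nameserver hosts} from zone-file style NS lines."""
    zones = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            zones[fields[0].rstrip(".").lower()].add(fields[4].rstrip(".").lower())
    return dict(zones)

def audit(text, aliases=ALIASES):
    """Return {zone: sorted providers}; a single entry means single-homed DNS."""
    return {zone: sorted({provider_of(h, aliases) for h in hosts})
            for zone, hosts in parse_ns(text).items()}

def blast_radius(text, aliases=ALIASES):
    """Return {provider: zones that resolve nowhere else if that provider is down}."""
    out = defaultdict(list)
    for zone, providers in audit(text, aliases).items():
        if len(providers) == 1:
            out[providers[0]].append(zone)
    return {p: sorted(z) for p, z in out.items()}

if __name__ == "__main__":
    for zone, providers in audit(SAMPLE).items():
        print(zone, "SINGLE-HOMED" if len(providers) == 1 else "multi-homed", providers)
```

In the sample, `news.example` looks dual-homed by hostname alone but collapses to one operator once the alias is applied, which is the case a hostname-only check misses.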
DDoS attacks are taking place at alarming rates. DNS is a ripe platform of attack. The worst may be yet to come. When it does, it could be devastating. Be concerned, but be prepared.