During the last decade, businesses have experienced a surge in DNS-based attacks (attacks targeting the availability of a network’s DNS). As technologies have grown more sophisticated and modern, businesses have expanded their technological workspace, exposing more of the security landscape and making it more attractive to attackers. Even with an increasing number of DNS-based attacks, organizations do not pay serious heed to their foundational DNS security, and it has been found that IT teams often leave DNS gateways unprotected.
DNS attacks can get very sophisticated, and attackers can cause serious damage to a firm’s assets and reputation, especially with people resorting to working from home. A study conducted by Cambridge University’s Cybercrime Centre found that the number of DDoS attacks (a type of DNS-based attack) went up sharply during lockdown and that there was a remarkable increase in the number of new attackers conducting these attacks¹. Businesses need to keep up with these advances and take DNS security seriously, while understanding the downside of not implementing it. Attackers are always on the lookout for open DNS servers, which serve as a point of entry to an organization’s data. With ever-increasing exposure to attack surfaces, DNS offers the potential to understand and reduce the impact of an attack. Organizations at times find it difficult to track, manage and monitor all the devices in their network. These devices can act as a safe haven from which to enter an organization for further exploitation. IT teams need to continuously check for new devices added to the network and ensure they adhere to the firm’s security standards.
Once the network is set, the security team needs to focus on monitoring DNS for anomalies. DNS can act as a powerful detection tool, offering the ability to spot malicious activity through sudden spikes in traffic. Most DNS systems provide reporting capabilities that enable companies to observe changes in network and application-level traffic. This in turn helps teams identify key traffic patterns and inconsistencies. DNS also has several protocols, namely DoH, DoT and DNSSEC, that can be leveraged to increase security. DNSSEC does not encrypt traffic, but it enhances security by authenticating a connection. DoT and DoH, on the other hand, route traffic to ports that can carry encrypted traffic. All of these focus on solving the last mile problem, and Infoblox supports them all. Details on Infoblox’s DoH and DoT capabilities can be found in this press release.
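The following Python example, added here and not part of the original article or any Infoblox product, shows spike-based detection over DNS query logs as described above. The log format (`epoch client qname`), the thresholds and the sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

BASE = 1_700_000_040  # constructed start time, aligned to a minute boundary


def make_sample_log():
    """Constructed query log; the 'epoch client qname' format is an assumption."""
    lines = []
    for minute in range(10):
        start = BASE + minute * 60
        # 10.0.0.5: steady 3 queries per minute
        lines += [f"{start + i} 10.0.0.5 www.example.com" for i in range(3)]
        # 10.0.0.9: 2 queries per minute, except a burst of 40 in minute 8
        n = 40 if minute == 8 else 2
        lines += [f"{start + i} 10.0.0.9 h{i}.example.net" for i in range(n)]
    return lines


def find_spikes(lines, factor=5, min_queries=20):
    """Return (client, minute_start, count, baseline) for per-client spikes.

    A minute is flagged when its query count is at least min_queries and more
    than factor times the median of that client's earlier active minutes.
    """
    per_client = defaultdict(Counter)
    for line in lines:
        ts, client, _qname = line.split()
        per_client[client][int(ts) // 60] += 1

    spikes = []
    for client in sorted(per_client):
        buckets = per_client[client]
        for minute in sorted(buckets):
            history = [c for m, c in buckets.items() if m < minute]
            if len(history) < 3:
                continue  # too little history to call anything a spike
            baseline = median(history)
            count = buckets[minute]
            if count >= min_queries and count > factor * baseline:
                spikes.append((client, minute * 60, count, baseline))
    return spikes


if __name__ == "__main__":
    for client, start, count, baseline in find_spikes(make_sample_log()):
        print(f"{client}: {count} queries in minute starting {start} "
              f"(baseline {baseline})")
```

Using the median of earlier minutes keeps one past burst from inflating the baseline; idle minutes are not counted, so a client that is normally silent needs a separate rule.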
Threat detection can improve with emerging technologies such as artificial intelligence and machine learning, where algorithms can be developed to facilitate early identification of abnormal traffic patterns. Early detection gives security teams sufficient time to address and respond to these attacks.
As the number of attacks on businesses increases, IT teams need to be more vigilant about the role DNS plays in securing the network. While the quantity of data sent out in each DNS packet is not large, it can certainly suffice to extract and export sensitive information.
Using appropriate technology can not only help in the early detection and mitigation of DNS-based attacks, but also help organizations respond to these attacks and save them from reputational damage. Infoblox, with its patented Grid technology, strengthens organizations’ DNS infrastructure by providing the ability to centrally manage and automate critical aspects of DNS. For more information, please contact us.