DNS attacks: average cost down 22% in France, the cloud more and more targeted
EfficientIP unveils the results of its 2020 report on the global DNS threat. Published every year, this report, conducted in collaboration with the economic intelligence company International Data Corporation (IDC), reveals the proliferation of different types of DNS attacks and their financial impacts for the past year. He points out in particular that – if the average number of attacks and the associated costs remain high – business transformation and awareness of the challenges of DNS security are increasing.
Nearly four out of five organizations (79%) suffered DNS attacks in 2019, the average financial cost of each attack being around € 840,840. According to the study, organizations across all industries have suffered an average of 9.5 attacks this year, placing the DNS at the heart of network security by cybercriminals who use it either as a vehicle or as the ultimate target of an attack.
The report reveals that the average cost of DNS attacks in Europe has dropped significantly, from 1.08 million euros in 2018 to around 802,047 € (a decrease of almost 26%). In France, the average cost of an attack in 2020 is the lowest, with € 749,740, which represents a significant drop of more than 20% compared to the previous year. At the same time, the average number of attacks increased slightly in France, from 7.65 to 7.95. The threat of DNS attacks therefore remains very real, in particular phishing attacks – the most widespread DNS attack in France – suffered by 40.2% of companies in the last 12 months, followed by DNS-based malware (30 , 39%) and DDoS attacks (22.55%).
DNS attacks seem to be increasingly affecting the cloud. Businesses experiencing cloud service outages have grown from 41% in the 2019 report to almost 50% this year, an increase of nearly 22%. As in the previous year, a large majority of companies surveyed experienced interruptions in their internal applications (62% this year compared to 63% in 2019). Overall, application interruptions – whether internal or in the cloud – remain the most significant result of DNS attacks; 82% of the companies questioned declared having experienced a more or less moderate interruption.
This sixth edition of the report also shows the wide range and evolution of attack types worldwide, from the most volumetric, to the weak signal. This year, phishing was the most common attack (39% of companies were subjected to phishing attempts), ahead of malware-based attacks (34%) and DDoS (27%). Note that the size of DDoS attacks is also increasing, almost two thirds (64%) being greater than 5 Gbit / s.
Despite these still worrying figures, companies are increasingly aware of the means to fight against these attacks: 77% of respondents worldwide considered that DNS security was an essential element of their network security (and almost 80 % in France), against 64% the previous year. In addition, the use of Zero Trust strategies is maturing: 31% of companies are now applying or piloting the Zero Trust strategy (almost 25% in France), compared to 17% last year. Finally, the use of predictive analytics increased from 45% to 55%.
“The recognition of the critical nature of DNS security has increased to 77%, because most organizations are now regularly affected by a DNS attack or vulnerability,” explains Romain Fouchereau, director of European security research at IDC. “The consequences of such attacks can be very damaging financially, but also have a direct business impact. Ensuring the availability and integrity of DNS services must become a priority for any organization.”
The DNS offers valuable information that is currently underutilized in the fight against potential hackers. According to the results of the 2020 report, currently 25% of companies do not analyze their DNS traffic (compared to 30% last year). 35% of organizations do not use internal DNS traffic for filtering, and only 12% collect DNS records and establish correlations through machine learning.
“As we experience key technological revolutions with IoT, Edge, SD-WAN and 5G, DNS should play a much more important role in the network security ecosystem,” said Ronan David, vice president. -president of EfficientIP strategy. “It offers valuable information that can make security strategies against hackers much more proactive and preventive. The COVID-19 pandemic has exacerbated the need to strengthen DNS defenses, especially when a broken down application network may have major commercial consequences. “
Businesses, through a variety of means, can better use the DNS through threat intelligence and user behavioral analytics to improve their ability to protect against attacks. A DNS security solution can supply SIEMs and SOCs with exploitable data and events, which simplifies and accelerates the detection of these and the corrective measures to be associated with them. Among the companies surveyed, 29% used security and event management software (SIEM) to detect compromised devices, and 33% of companies transmitted DNS information to SIEM for analysis (compared to 22% in 2019) .