Rapid rise in DNS attacks drives demand for new approach

Issue 7 2023 Infrastructure, Risk Management & Resilience

James Kloppers.

As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

This is hardly surprising because 66% of organisations worldwide fell victim to ransomware attacks between March 2022 and March 2023. Many of those incidents involved a DNS (domain name system) attack, which can do severe damage. It can disrupt online services and create opportunities for attackers to exploit the resulting chaos for further malicious activities, including the insertion of ransomware to encrypt critical data before a ransom demand for the decryption keys.

The sad truth is that every DNS has weaknesses, and there are several ways that attackers can exploit them. One popular method is a 'DNS flood', a distributed denial-of-service attack that overwhelms a targeted DNS server. Misconfigurations in DNS infrastructure can also serve as entry points for ransomware attacks. Cybercriminals exploit these weaknesses to gain unauthorised access to a company's network, and once inside, they can distribute ransomware payloads.

Bad actors can exploit DNS vulnerabilities to execute DNS hijacking attacks. For instance, hackers can take advantage of the DNS system to steer their victims away from the websites they frequent and lead them to imposter sites that appear legitimate. These fake sites can trick victims into entering their login credentials or downloading malicious files. Providing these details can help attackers move laterally within the network or deliver a ransomware payload.

The value of collaboration

As companies try to stay one step ahead of the bad guys, a new realisation should dawn on all of us; a united front against attackers will be far more effective than standing alone. It is time to consider what can be accomplished when collaborating and sharing resources. Ironically, the bad guys have already worked this out and are known to share strategies on the dark web. The good guys need to catch up and start banding together.

This is not easy. When a company falls victim to an attack, you do not find the management posting about it online; there is a reluctance to publicise details for fear of reputation damage. But suppose all organisations were to share more information about attacks, experiences, what worked, and what did not work for them. It might go a long way to improving global protection against cybercrime.

Zero Trust is the only way to go

Zero Trust is not a single product or technology. It is a fusion of policies, best practices, and available products. It aims to create an environment that offers comprehensive protection against potential threats. A zero-trust approach enhances the integrity and security of backup systems by fundamentally changing how organisations think about network security. In a traditional security model, once a user or system gains access to a network, they often have broad access privileges, including to backup systems, however, with Zero Trust, a company never assumes trust and enforces security at every level. It follows the principle of least privilege, meaning that the company grants users or systems only the minimum access required to perform specific tasks. In the context of backup systems, this ensures that only authorised personnel and processes have access to backup data, which reduces the risk of unauthorised access and data breaches.

Zero Trust relies on continuous authentication and monitoring. Users and systems are authenticated at the initial login and throughout a session, allowing companies to revoke access when suspicious activities are detected. Businesses can thus promptly identify unusual behaviour or access patterns and take action to investigate and mitigate potential threats. This real-time monitoring helps safeguard the integrity of all systems, including backup systems.

Disaster recovery

The focus should not be on making backups but on ensuring that a company can restore them to their original state. Often, customers secure their environment, create multiple copies of data, and store it in various locations, including the cloud, but the real test is in the restoration process.

When data is lost or compromised, the speed of data recovery is vital. By prioritising recovery, downtime is minimised. Data recovery becomes a critical defence mechanism as ransomware and DNS attacks increase. If a company can recover data quickly and effectively, it reduces the leverage of cybercriminals to demand a ransom. Recent reports show that most organisations now recover from backups rather than paying ransom. While this approach does not guarantee 100% data recovery, it is often more cost-effective and helps maintain data integrity. Remember that it depends on a solid backup and recovery strategy.

To recover 100% of one's data, it is necessary to ensure that backup procedures are robust, regularly tested, and aligned with evolving data and environmental changes. Customers sometimes struggle with data recovery, not because of the backup itself, but due to outdated policies that miss essential data or fail to back up correctly. It is crucial to stay on top of the basics in data protection, especially in the context of evolving threats like ransomware and DNS attacks.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The human factor side of video management systems
Leaderware Editor's Choice Surveillance Risk Management & Resilience
A video management system (VMS) is central to, and the most vital element to any control room operation using CCTV as part of its service delivery, however, all too often, it is seen as a technical solution rather than an operational solution.

Get the basics right to win more business
ServCraft Editor's Choice Risk Management & Resilience
The barriers to entry in security are not high. More people are adding CCTV and fencing to their repertoire every year. Cowboys will not last long in a space where customers trust you with their safety.

Enhanced cellular connectivity is critical for farm safety
Infrastructure Agriculture (Industry)
In South Africa, the safety of our rural communities, particularly on farms, is a pressing concern. Nearly 32% of South Africa’s 60 million people live in these areas, where security challenges are constantly in the spotlight.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Revolutionising networking technology for the future
Infrastructure IoT & Automation
[Sponsored] In the fast-evolving landscape of networking technology, RUCKUS Networks stands out as a trailblazer, offering innovative solutions that redefine connectivity experiences across various industries.

South Africa shows a 1200% increase in deepfake fraud
News & Events Risk Management & Resilience
Sumsub released its third annual Identity Fraud Report of the year, analysing identity fraud across industries and regions based on millions of verification checks across 28 industries and over 2 million fraud cases.

How hackers exploit our vulnerabilities
Information Security Risk Management & Resilience
Distractions, multi-tasking, and emotional responses increase individuals’ vulnerability to social engineering, manipulation, and various forms of digital attacks; 74% of all data breaches included a human element.

Edge could help transform South Africa’s healthcare
Axis Communications SA Infrastructure
Edge computing has emerged as a game-changing technology for many industries, and the healthcare sector is no exception. In particular, South Africa’s healthcare industry could significantly benefit from the potential of this technology.

Cloud platform for cyber resilience in the hybrid enterprise
The Commvault Cloud brings together data protection, security, intelligence, and recovery on one platform, offering AI capabilities to defeat cyber threats, and includes integration with Microsoft Azure OpenAI Service.

South Africans play a role in becoming scam victims
Editor's Choice Risk Management & Resilience
The South African fraud landscape is becoming increasingly risky as fraudsters and scammers look to target individuals with highly sophisticated scams, in an environment where it is becoming increasingly difficult for lawmakers and authorities to bring these criminals to justice.