Rapid rise in DNS attacks drives demand for new approach

Issue 7 2023 Infrastructure, Security Services & Risk Management

James Kloppers.

As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

This is hardly surprising because 66% of organisations worldwide fell victim to ransomware attacks between March 2022 and March 2023. Many of those incidents involved a DNS (domain name system) attack, which can do severe damage. It can disrupt online services and create opportunities for attackers to exploit the resulting chaos for further malicious activities, including the insertion of ransomware to encrypt critical data before a ransom demand for the decryption keys.

The sad truth is that every DNS has weaknesses, and there are several ways that attackers can exploit them. One popular method is a 'DNS flood', a distributed denial-of-service attack that overwhelms a targeted DNS server. Misconfigurations in DNS infrastructure can also serve as entry points for ransomware attacks. Cybercriminals exploit these weaknesses to gain unauthorised access to a company's network, and once inside, they can distribute ransomware payloads.

Bad actors can exploit DNS vulnerabilities to execute DNS hijacking attacks. For instance, hackers can take advantage of the DNS system to steer their victims away from the websites they frequent and lead them to imposter sites that appear legitimate. These fake sites can trick victims into entering their login credentials or downloading malicious files. Providing these details can help attackers move laterally within the network or deliver a ransomware payload.

The value of collaboration

As companies try to stay one step ahead of the bad guys, a new realisation should dawn on all of us; a united front against attackers will be far more effective than standing alone. It is time to consider what can be accomplished when collaborating and sharing resources. Ironically, the bad guys have already worked this out and are known to share strategies on the dark web. The good guys need to catch up and start banding together.

This is not easy. When a company falls victim to an attack, you do not find the management posting about it online; there is a reluctance to publicise details for fear of reputation damage. But suppose all organisations were to share more information about attacks, experiences, what worked, and what did not work for them. It might go a long way to improving global protection against cybercrime.

Zero Trust is the only way to go

Zero Trust is not a single product or technology. It is a fusion of policies, best practices, and available products. It aims to create an environment that offers comprehensive protection against potential threats. A zero-trust approach enhances the integrity and security of backup systems by fundamentally changing how organisations think about network security. In a traditional security model, once a user or system gains access to a network, they often have broad access privileges, including to backup systems, however, with Zero Trust, a company never assumes trust and enforces security at every level. It follows the principle of least privilege, meaning that the company grants users or systems only the minimum access required to perform specific tasks. In the context of backup systems, this ensures that only authorised personnel and processes have access to backup data, which reduces the risk of unauthorised access and data breaches.

Zero Trust relies on continuous authentication and monitoring. Users and systems are authenticated at the initial login and throughout a session, allowing companies to revoke access when suspicious activities are detected. Businesses can thus promptly identify unusual behaviour or access patterns and take action to investigate and mitigate potential threats. This real-time monitoring helps safeguard the integrity of all systems, including backup systems.

Disaster recovery

The focus should not be on making backups but on ensuring that a company can restore them to their original state. Often, customers secure their environment, create multiple copies of data, and store it in various locations, including the cloud, but the real test is in the restoration process.

When data is lost or compromised, the speed of data recovery is vital. By prioritising recovery, downtime is minimised. Data recovery becomes a critical defence mechanism as ransomware and DNS attacks increase. If a company can recover data quickly and effectively, it reduces the leverage of cybercriminals to demand a ransom. Recent reports show that most organisations now recover from backups rather than paying ransom. While this approach does not guarantee 100% data recovery, it is often more cost-effective and helps maintain data integrity. Remember that it depends on a solid backup and recovery strategy.

To recover 100% of one's data, it is necessary to ensure that backup procedures are robust, regularly tested, and aligned with evolving data and environmental changes. Customers sometimes struggle with data recovery, not because of the backup itself, but due to outdated policies that miss essential data or fail to back up correctly. It is crucial to stay on top of the basics in data protection, especially in the context of evolving threats like ransomware and DNS attacks.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Navigating the evolving tech landscape in 2024 and beyond
Residential Estate (Industry) Infrastructure
Progress in the fields of AI, VR and social media is to be expected, but what is not, is our fundamental relationship with how we deploy solutions in our business and how it integrates with greater organisational strategies and goals.

Using KPIs to measure smart city progress
Axis Communications SA Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
United 4 Smart Sustainable Cities is a United Nations Initiative that encourages the use of information and communication technology (including security technology) to support a smooth transition to smart cities.

Enhancing estate security, the five-layer approach
Fang Fences & Guards Residential Estate (Industry) Integrated Solutions Security Services & Risk Management
Residential estates are designed to provide a serene and secure living environment enclosed within gated communities, offering residents peace of mind and an elevated standard of living.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

iOCO collaboration protection secures Office 365
Information Security Infrastructure
The cloud, in general, and Office 365, in particular, have played a significant role in enabling collaboration, but it has also created a security headache as organisations store valuable information on the platform.

Detecting humans within vehicles without opening the doors
Flow Systems News & Events Security Services & Risk Management
Flow Systems has introduced its new product, which detects humans trying to hide within a vehicle, truck, or container. Vehicles will be searched once they have stopped before one of Flow Systems' access control boom barriers.

Smart mining operations management
Mining (Industry) Infrastructure IoT & Automation
In his presentation at the recent MESA Africa conference, Neels van der Walt, Business Development Manager at Iritron, revealed the all-encompassing concept of SMOM (Smart Mining Operations Management) and why it is inextricably linked to the future of worldwide mining operations.

Cybercriminals embracing AI
Information Security Security Services & Risk Management
Organisations of all sizes are exploring how artificial intelligence (AI) and generative AI, in particular, can benefit their businesses. While they are still figuring out how best to use AI, cybercriminals have fully embraced it.

Do you need a virtual CIO?
Editor's Choice News & Events Infrastructure
If you have a CIO, rest assured that your competitors have noticed and will come knocking on their door sooner or later. A Virtual CIO service is a compelling solution for businesses navigating tough economic conditions.

The TCO of cloud surveillance
DeepAlert Verifier Technews Publishing Surveillance Infrastructure
SMART Security Solutions asked two successful, home-grown cloud surveillance operators for their take on the benefits of cloud surveillance to the local market. Does cloud do everything, or are there areas where onsite solutions are preferable?