printer friendly version

Rapid rise in DNS attacks drives demand for new approach

James Kloppers.

As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

This is hardly surprising because 66% of organisations worldwide fell victim to ransomware attacks between March 2022 and March 2023. Many of those incidents involved a DNS (domain name system) attack, which can do severe damage. It can disrupt online services and create opportunities for attackers to exploit the resulting chaos for further malicious activities, including the insertion of ransomware to encrypt critical data before a ransom demand for the decryption keys.

The sad truth is that every DNS has weaknesses, and there are several ways that attackers can exploit them. One popular method is a 'DNS flood', a distributed denial-of-service attack that overwhelms a targeted DNS server. Misconfigurations in DNS infrastructure can also serve as entry points for ransomware attacks. Cybercriminals exploit these weaknesses to gain unauthorised access to a company's network, and once inside, they can distribute ransomware payloads.

Bad actors can exploit DNS vulnerabilities to execute DNS hijacking attacks. For instance, hackers can take advantage of the DNS system to steer their victims away from the websites they frequent and lead them to imposter sites that appear legitimate. These fake sites can trick victims into entering their login credentials or downloading malicious files. Providing these details can help attackers move laterally within the network or deliver a ransomware payload.

The value of collaboration

As companies try to stay one step ahead of the bad guys, a new realisation should dawn on all of us; a united front against attackers will be far more effective than standing alone. It is time to consider what can be accomplished when collaborating and sharing resources. Ironically, the bad guys have already worked this out and are known to share strategies on the dark web. The good guys need to catch up and start banding together.

This is not easy. When a company falls victim to an attack, you do not find the management posting about it online; there is a reluctance to publicise details for fear of reputation damage. But suppose all organisations were to share more information about attacks, experiences, what worked, and what did not work for them. It might go a long way to improving global protection against cybercrime.

Zero Trust is the only way to go

Zero Trust is not a single product or technology. It is a fusion of policies, best practices, and available products. It aims to create an environment that offers comprehensive protection against potential threats. A zero-trust approach enhances the integrity and security of backup systems by fundamentally changing how organisations think about network security. In a traditional security model, once a user or system gains access to a network, they often have broad access privileges, including to backup systems, however, with Zero Trust, a company never assumes trust and enforces security at every level. It follows the principle of least privilege, meaning that the company grants users or systems only the minimum access required to perform specific tasks. In the context of backup systems, this ensures that only authorised personnel and processes have access to backup data, which reduces the risk of unauthorised access and data breaches.

Zero Trust relies on continuous authentication and monitoring. Users and systems are authenticated at the initial login and throughout a session, allowing companies to revoke access when suspicious activities are detected. Businesses can thus promptly identify unusual behaviour or access patterns and take action to investigate and mitigate potential threats. This real-time monitoring helps safeguard the integrity of all systems, including backup systems.

Disaster recovery

The focus should not be on making backups but on ensuring that a company can restore them to their original state. Often, customers secure their environment, create multiple copies of data, and store it in various locations, including the cloud, but the real test is in the restoration process.

When data is lost or compromised, the speed of data recovery is vital. By prioritising recovery, downtime is minimised. Data recovery becomes a critical defence mechanism as ransomware and DNS attacks increase. If a company can recover data quickly and effectively, it reduces the leverage of cybercriminals to demand a ransom. Recent reports show that most organisations now recover from backups rather than paying ransom. While this approach does not guarantee 100% data recovery, it is often more cost-effective and helps maintain data integrity. Remember that it depends on a solid backup and recovery strategy.

To recover 100% of one's data, it is necessary to ensure that backup procedures are robust, regularly tested, and aligned with evolving data and environmental changes. Customers sometimes struggle with data recovery, not because of the backup itself, but due to outdated policies that miss essential data or fail to back up correctly. It is crucial to stay on top of the basics in data protection, especially in the context of evolving threats like ransomware and DNS attacks.

Share this article:

Further reading: