RSAC 2022: The Rise of DNS-Based Attacks

With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.

DNS-Based Attacks are on the Rise

DNS is an often-overlooked component of the security stack. But 70% of attacks involve the DNS layer in some way. Attacks are either launched via deceptive sites, or websites are used in malware exploits. And of course, many sites are leveraged as a way of spreading malware or phishing, despite that site not being deceptive on its own.

300% Increase in Phishing Attacks

Phishing, along with other deceptive categories on our network, has grown over the last few years. According to Trend Micro, 90% of cyberattacks begin as spear phishing emails. Many of these emails opt for links as opposed to attachments, because it’s much easier to convince someone to click a link. Attachments are inherently suspicious, and links are harder to catch so it makes sense that threat actors are favoring phishing emails with links—often taking their time to impersonate someone ahead of asking for anything.

According to the 2022 Verizon Data Breach Investigation Report, there are four key paths to a modern data breach: 

  1. Obtaining credentials
  2. Phishing
  3. Exploiting vulnerabilities
  4. Botnets

20% of the time, phishing is the cause of the data breach. And 82% of all breaches can be blamed on “the human element”-–which includes phishing, but is also comprised of misuse and stolen credentials.

592% Increase in Malware on DNSFilter Network

Malware is growing significantly on our network, which matches trends seen by the likes of Verizon as ransomware has grown 13% since last year and 25% over the last 5 years. Supply chain breaches were responsible for 62% of system intrusion incidents in the past year.

Highly Targeted Phishing Sites

Of all breaches in 2021, healthcare industry breaches were the costliest, averaging $9.23 million each. Noting that, DNSFilter’s network saw a 218% increase in traffic to malicious sites with “health” in the domain name in April of 2022.

This paints a picture of targeted phishing and malware tactics. The start of the “gov” domain traffic spike aligned with the start of the Russian invasion of Ukraine. The banking industry saw a 1318% increase in ransomware attacks in 2021. Germany continues to have one of the most-used ccTLDs for malicious domains, as also noticed in our 2021 Domain Threat Report.

And our observation of targeted healthcare deception aligns with recent CISA directives advising healthcare and critical infrastructure to harden defenses at the DNS layer.

35% of Cyberattacks Via Web Application Compromise

It’s well known that apps like Discord and Telegram are used to spread malware. However, Snapchat is the most blocked social networking site on our network, with 10% of all queries getting blocked. Comparatively, Facebook is only blocked 5% of the time.

DNSFilter users are cybersecurity aware. They know that Snapchat is risky and they’re choosing to block it to ensure their end users don’t inadvertently download malware on work mobile phones. Understanding these risks and knowing that you can block them at the DNS layer, as opposed to waiting for an intrusion onto your network, is powerful. You can block these domains from resolving, so the threat never has a chance to take hold of your network.

And when we deal with domains, especially domains related to applications, we’re talking about hundreds of thousands of domains. To put it in perspective Microsoft Sharepoint alone—not Microsoft, just a single Microsoft app—is made up of 56,973 domains. And these lists change and grow rapidly.

DNSFilter keeps tabs on all of this so our end users can easily block single risky applications by toggling it on. Similarly for categories, we have 35 content categories and 7 threat categories with millions of domains per category, and over 200k new domains are registered every day. Attack vectors never stop growing.

Blocking Threats at the DNS Layer is Necessary

Threats are increasing daily, and prioritizing protection against DNS-based threats should be on the mind of every cybersecurity professional. Secure your organization with DNSFilter for 14 days free.

  • There are no suggestions because the search field is empty.
Latest posts
Traversing the World of AI with Judy Security Traversing the World of AI with Judy Security

Raffaele Mautone, CEO of Judy Security, recently joined us for an interview session around the increasing presence of AI in cybersecurity. This insightful Q&A session sheds light on how AI is integrated into Judy Security's operations. Raffaele also touches on the broader implications of AI for the future, making a compelling case for its strategic use in both day-to-day operations and long-term security strategies.

Exploring the Security of Free Public Wi-Fi with eero Exploring the Security of Free Public Wi-Fi with eero

There is no doubt that Wi-Fi has become an essential part of our daily lives, enabling us to stay connected whether we're at home, at work, or on the go. However, the convenience of wireless networks comes with significant security risks that can compromise personal and sensitive information. 

Revving Up the Fun: DNSFilter's IndyCar Experience Recap —Laguna Seca Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap —Laguna Seca Edition

Another exciting race weekend with Juncos Hollinger Racing and Romain Grosjean has come to a close! We co-hosted the IndyCar race at Laguna Seca road course with our pals at Pax8, our logos alongside each other on Grosjean’s No. 77 car. Clearly this teamwork paid off, with Romain finishing the race in his team-best position!

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.