Share this
RSAC 2022: The Rise of DNS-Based Attacks
by Kory Underdown on Jun 14, 2022 12:00:00 AM
With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.
DNS-Based Attacks are on the Rise
DNS is an often-overlooked component of the security stack. But 70% of attacks involve the DNS layer in some way. Attacks are either launched via deceptive sites, or websites are used in malware exploits. And of course, many sites are leveraged as a way of spreading malware or phishing, despite that site not being deceptive on its own.
300% Increase in Phishing Attacks
Phishing, along with other deceptive categories on our network, has grown over the last few years. According to Trend Micro, 90% of cyberattacks begin as spear phishing emails. Many of these emails opt for links as opposed to attachments, because it’s much easier to convince someone to click a link. Attachments are inherently suspicious, and links are harder to catch so it makes sense that threat actors are favoring phishing emails with links—often taking their time to impersonate someone ahead of asking for anything.
According to the 2022 Verizon Data Breach Investigation Report, there are four key paths to a modern data breach:
- Obtaining credentials
- Phishing
- Exploiting vulnerabilities
- Botnets
20% of the time, phishing is the cause of the data breach. And 82% of all breaches can be blamed on “the human element”-–which includes phishing, but is also comprised of misuse and stolen credentials.
592% Increase in Malware on DNSFilter Network
Malware is growing significantly on our network, which matches trends seen by the likes of Verizon as ransomware has grown 13% since last year and 25% over the last 5 years. Supply chain breaches were responsible for 62% of system intrusion incidents in the past year.
Highly Targeted Phishing Sites
Of all breaches in 2021, healthcare industry breaches were the costliest, averaging $9.23 million each. Noting that, DNSFilter’s network saw a 218% increase in traffic to malicious sites with “health” in the domain name in April of 2022.
This paints a picture of targeted phishing and malware tactics. The start of the “gov” domain traffic spike aligned with the start of the Russian invasion of Ukraine. The banking industry saw a 1318% increase in ransomware attacks in 2021. Germany continues to have one of the most-used ccTLDs for malicious domains, as also noticed in our 2021 Domain Threat Report.
And our observation of targeted healthcare deception aligns with recent CISA directives advising healthcare and critical infrastructure to harden defenses at the DNS layer.
35% of Cyberattacks Via Web Application Compromise
It’s well known that apps like Discord and Telegram are used to spread malware. However, Snapchat is the most blocked social networking site on our network, with 10% of all queries getting blocked. Comparatively, Facebook is only blocked 5% of the time.
DNSFilter users are cybersecurity aware. They know that Snapchat is risky and they’re choosing to block it to ensure their end users don’t inadvertently download malware on work mobile phones. Understanding these risks and knowing that you can block them at the DNS layer, as opposed to waiting for an intrusion onto your network, is powerful. You can block these domains from resolving, so the threat never has a chance to take hold of your network.
And when we deal with domains, especially domains related to applications, we’re talking about hundreds of thousands of domains. To put it in perspective Microsoft Sharepoint alone—not Microsoft, just a single Microsoft app—is made up of 56,973 domains. And these lists change and grow rapidly.
DNSFilter keeps tabs on all of this so our end users can easily block single risky applications by toggling it on. Similarly for categories, we have 35 content categories and 7 threat categories with millions of domains per category, and over 200k new domains are registered every day. Attack vectors never stop growing.
Blocking Threats at the DNS Layer is Necessary
Threats are increasing daily, and prioritizing protection against DNS-based threats should be on the mind of every cybersecurity professional. Secure your organization with DNSFilter for 14 days free.
Share this
Categories
- Featured (258)
- Protective DNS (18)
- IT (13)
- IndyCar (9)
- Cybersecurity Brief (7)
- AI (6)
- Content Filtering (6)
- Deep Dive (6)
- IT Challenges (5)
- Public Wi-Fi (5)
- Roaming Client (4)
- Team (4)
- Compare (3)
- Malware (3)
- Tech (3)
- Anycast (2)
- Events (2)
- Machine Learning (2)
- Phishing (2)
- Ransomware (2)
- Tech Stack (2)
- MSP (1)
- Secure Web Gateway (1)
Automation is no longer optional for companies looking to scale and operate their cyber defenses. It enables organizations to do more with less, eliminating rote and mundane tasks to free up valuable human resources for more strategic initiatives. However, if not used carefully, automation can amplify existing problems, making something bad even worse. So, how can we use automation effectively and safely?
Our final race weekend at the Music City Grand Prix was an adrenaline-pumping experience that perfectly blended speed, technology, and unforgettable moments. It was a weekend full of thrills, camaraderie, and lightning-fast Wi-Fi in Nashville. Here’s a rundown of the highlights:
As education relies more heavily on technology, the importance of ensuring the safety and media literacy of students continues to grow. Educational environments must navigate a complex landscape of online content, balancing the need for open access to information with the necessity of protecting students from harmful, inappropriate, or inaccurate material. Digital safety encompasses protecting students from online threats such as cyberbullying, m...