RSAC 2022: The Rise of DNS-Based Attacks

RSAC 2022: The Rise of DNS-Based Attacks

Kory Underdown
June 14, 2022

With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.

DNS-Based Attacks are on the Rise

DNS is an often-overlooked component of the security stack. But 70% of attacks involve the DNS layer in some way. Attacks are either launched via deceptive sites, or websites are used in malware exploits. And of course, many sites are leveraged as a way of spreading malware or phishing, despite that site not being deceptive on its own.

300% Increase in Phishing Attacks

Phishing, along with other deceptive categories on our network, has grown over the last few years. According to Trend Micro, 90% of cyberattacks begin as spear phishing emails. Many of these emails opt for links as opposed to attachments, because it’s much easier to convince someone to click a link. Attachments are inherently suspicious, and links are harder to catch so it makes sense that threat actors are favoring phishing emails with links—often taking their time to impersonate someone ahead of asking for anything.

According to the 2022 Verizon Data Breach Investigation Report, there are four key paths to a modern data breach: 

  1. Obtaining credentials
  2. Phishing
  3. Exploiting vulnerabilities
  4. Botnets

20% of the time, phishing is the cause of the data breach. And 82% of all breaches can be blamed on “the human element”-–which includes phishing, but is also comprised of misuse and stolen credentials.

592% Increase in Malware on DNSFilter Network

Malware is growing significantly on our network, which matches trends seen by the likes of Verizon as ransomware has grown 13% since last year and 25% over the last 5 years. Supply chain breaches were responsible for 62% of system intrusion incidents in the past year.

Highly Targeted Phishing Sites

Of all breaches in 2021, healthcare industry breaches were the costliest, averaging $9.23 million each. Noting that, DNSFilter’s network saw a 218% increase in traffic to malicious sites with “health” in the domain name in April of 2022.

This paints a picture of targeted phishing and malware tactics. The start of the “gov” domain traffic spike aligned with the start of the Russian invasion of Ukraine. The banking industry saw a 1318% increase in ransomware attacks in 2021. Germany continues to have one of the most-used ccTLDs for malicious domains, as also noticed in our 2021 Domain Threat Report.

And our observation of targeted healthcare deception aligns with recent CISA directives advising healthcare and critical infrastructure to harden defenses at the DNS layer.

35% of Cyberattacks Via Web Application Compromise

It’s well known that apps like Discord and Telegram are used to spread malware. However, Snapchat is the most blocked social networking site on our network, with 10% of all queries getting blocked. Comparatively, Facebook is only blocked 5% of the time.

DNSFilter users are cybersecurity aware. They know that Snapchat is risky and they’re choosing to block it to ensure their end users don’t inadvertently download malware on work mobile phones. Understanding these risks and knowing that you can block them at the DNS layer, as opposed to waiting for an intrusion onto your network, is powerful. You can block these domains from resolving, so the threat never has a chance to take hold of your network.

And when we deal with domains, especially domains related to applications, we’re talking about hundreds of thousands of domains. To put it in perspective Microsoft Sharepoint alone—not Microsoft, just a single Microsoft app—is made up of 56,973 domains. And these lists change and grow rapidly.

DNSFilter keeps tabs on all of this so our end users can easily block single risky applications by toggling it on. Similarly for categories, we have 35 content categories and 7 threat categories with millions of domains per category, and over 200k new domains are registered every day. Attack vectors never stop growing.

Blocking Threats at the DNS Layer is Necessary

Threats are increasing daily, and prioritizing protection against DNS-based threats should be on the mind of every cybersecurity professional. Secure your organization with DNSFilter for 14 days free.

Search
MORE Cybersecurity

Cybersecurity Report Mid-year 2022

Inside this report, you’ll see there’s been significant increases in botnet, DDoS, and phishing attacks, often on critical systems and infrastructure.

Get the Report

SIEM Integration with Data Export Feature

Data Export feature allows customers to transmit DNS query data from DNSFilter to an external location in real-time.

Learn More about Data Export

Lifesaver Program

Current OpenDNS customers get FREE DNS security through September 2022 when you commit to a 1-year deal with DNSFilter.

Get More Details
LATEST POSTS

How to Spot a Nation-State Cyber Attack

From cyber espionage to cyber terrorism, cybercriminals now pose a significant threat to national security and public safety.

"MSP Friendly, Intuitive, Powerful" — ArcLight Case Study

ArcLight Solutions is a longstanding MSP primarily working with healthcare clients, rural hospitals and private practices.

Compliance ≠ Security: Healthcare Organizations’ Biggest Threats

Compliance and security are not the same. And in healthcare, this difference is incredibly important. Checking off compliance boxes will not ensure patient data

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.