RSAC 2022: The Rise of DNS-Based Attacks

With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.

DNS-Based Attacks are on the Rise

DNS is an often-overlooked component of the security stack. But 70% of attacks involve the DNS layer in some way. Attacks are either launched via deceptive sites, or websites are used in malware exploits. And of course, many sites are leveraged as a way of spreading malware or phishing, despite that site not being deceptive on its own.

300% Increase in Phishing Attacks

Phishing, along with other deceptive categories on our network, has grown over the last few years. According to Trend Micro, 90% of cyberattacks begin as spear phishing emails. Many of these emails opt for links as opposed to attachments, because it’s much easier to convince someone to click a link. Attachments are inherently suspicious, and links are harder to catch so it makes sense that threat actors are favoring phishing emails with links—often taking their time to impersonate someone ahead of asking for anything.

According to the 2022 Verizon Data Breach Investigation Report, there are four key paths to a modern data breach: 

  1. Obtaining credentials
  2. Phishing
  3. Exploiting vulnerabilities
  4. Botnets

20% of the time, phishing is the cause of the data breach. And 82% of all breaches can be blamed on “the human element”-–which includes phishing, but is also comprised of misuse and stolen credentials.

592% Increase in Malware on DNSFilter Network

Malware is growing significantly on our network, which matches trends seen by the likes of Verizon as ransomware has grown 13% since last year and 25% over the last 5 years. Supply chain breaches were responsible for 62% of system intrusion incidents in the past year.

Highly Targeted Phishing Sites

Of all breaches in 2021, healthcare industry breaches were the costliest, averaging $9.23 million each. Noting that, DNSFilter’s network saw a 218% increase in traffic to malicious sites with “health” in the domain name in April of 2022.

This paints a picture of targeted phishing and malware tactics. The start of the “gov” domain traffic spike aligned with the start of the Russian invasion of Ukraine. The banking industry saw a 1318% increase in ransomware attacks in 2021. Germany continues to have one of the most-used ccTLDs for malicious domains, as also noticed in our 2021 Domain Threat Report.

And our observation of targeted healthcare deception aligns with recent CISA directives advising healthcare and critical infrastructure to harden defenses at the DNS layer.

35% of Cyberattacks Via Web Application Compromise

It’s well known that apps like Discord and Telegram are used to spread malware. However, Snapchat is the most blocked social networking site on our network, with 10% of all queries getting blocked. Comparatively, Facebook is only blocked 5% of the time.

DNSFilter users are cybersecurity aware. They know that Snapchat is risky and they’re choosing to block it to ensure their end users don’t inadvertently download malware on work mobile phones. Understanding these risks and knowing that you can block them at the DNS layer, as opposed to waiting for an intrusion onto your network, is powerful. You can block these domains from resolving, so the threat never has a chance to take hold of your network.

And when we deal with domains, especially domains related to applications, we’re talking about hundreds of thousands of domains. To put it in perspective Microsoft Sharepoint alone—not Microsoft, just a single Microsoft app—is made up of 56,973 domains. And these lists change and grow rapidly.

DNSFilter keeps tabs on all of this so our end users can easily block single risky applications by toggling it on. Similarly for categories, we have 35 content categories and 7 threat categories with millions of domains per category, and over 200k new domains are registered every day. Attack vectors never stop growing.

Blocking Threats at the DNS Layer is Necessary

Threats are increasing daily, and prioritizing protection against DNS-based threats should be on the mind of every cybersecurity professional. Secure your organization with DNSFilter for 14 days free.

  • There are no suggestions because the search field is empty.
Latest posts
The Differences Between DNS Security and Protective DNS The Differences Between DNS Security and Protective DNS

When researchers talk about DNS security, they often refer to anything that protects DNS infrastructure. Although protective DNS and DNS security fall under the cybersecurity umbrella, protective DNS takes a different approach to cybersecurity than standard DNS security. Both security strategies are important for the stability of your business, but protective DNS reduces risks from your weakest link–human error. Protective DNS is critical for you...

Cisco Umbrella RC End-of-Life: What You Need to Know Cisco Umbrella RC End-of-Life: What You Need to Know

The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.

Cybersecurity Briefing | A Recap of Cybersecurity News in October 2023 Cybersecurity Briefing | A Recap of Cybersecurity News in October 2023

Industry State of the Art

This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world.  And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.