Network security and automation solutions provider EfficientIP has announced the results of its 2021 Global DNS Threat Report.
The annual research, which was conducted in collaboration with market intelligence firm International Data Corporation (IDC), sheds light on the frequency of the different types of DNS attack and the associated costs for the last year throughout the COVID-19 pandemic.
In terms of regional damage from DNS attacks, Asia recorded an increase of 15%, incurring a cost of $908,140, up from $792,840 the previous year, claims the report.
Countries which saw significant increase in damages included Malaysia which increased by 78%, the sharpest increase, as well as India, Spain and France also seeing significant increases of 32%, 36% and 25%, respectively.
As per the report, nearly 90% of organisations (87%) experienced DNS attacks, with the average cost of each attack around $950,000.
The report claims that throughout the past year during the pandemic, attackers have increasingly targeted the cloud, profiting from the reliance on off-premise working and cloud infrastructures.
Around a quarter of companies have suffered a DNS attack abusing cloud misconfiguration, with almost half of companies (47%) suffering cloud service downtime as a result of DNS attacks.
The Threat Report, now in its seventh year, also found a sharp rise in data theft via DNS, with 26% of organizations reporting sensitive customer information stolen compared to 16% in 2020’s Threat Report.
Evidence shows attackers are targeting more organisations and diversifying their toolkit—sometimes drastically, claims the report.
Threat actors relied on domain hijacking, where the user is connected not to the desired service but to a fake one, more than twice as often as last year.
This year phishing also continued to grow in popularity (49% of companies experienced phishing attempts), as did malware-based attacks (38%), and traditional DDoS attacks (29%).
The report suggests three recommendations for protecting data, apps, cloud services and users, including enhancing the privacy of remote workers with a private DoH solution, eliminating cloud service downtime caused by cloud misconfigurations through automating life-cycle management of IP resource and making DNS the first line of defense to stop the spread of attacks.