The costs of restoring services after a DNS (Domain Name System) attack are higher for financial services firms than for companies in any other sector.
According to a survey of 1,000 large financial services firms in Europe, North America and Asia Pacific, the average cost of recovering from a single DNS attack is $924,390 for a large financial services company.
The survey, carried out by network automation and security supplier EfficientIP, and its subsequent 2018 Global DNS threat report found that the average cost of recovery for such finance firms had increased by 57% compared with last year.
It also revealed that financial services firms suffered an average of seven attacks each last year, and 19% of them were attacked more than 10 times.
The survey found that finance firms took an average of seven hours to mitigate a DNS attack and 5% of them spent a total of 41 working days mitigating attacks in 2017. More than a quarter (26%) lost business because of the attacks.
The most common problems caused by DNS attacks are cloud service downtime, compromised websites and internal application downtime.
“The DNS threat landscape is continually evolving, impacting the financial sector in particular,” said David Williamson, CEO at EfficientIP. “This is because many financial organisations rely on security solutions that fail to combat specific DNS threats.
“Financial services increasingly operate online and rely on internet availability and the capacity to securely communicate information in real time. Therefore, network service continuity and security is a business imperative and a necessity.”
But IT security teams at large finance firms have to balance their resources in the face of increasing cyber threats. A survey commissioned by VMWare earlier this year showed that 90% of IT security professionals in financial services have to make compromises that could leave other areas of their organisation exposed to cyber threats, and half admitted doing this regularly.
- Zero day attack – the attacker exploits a previously unknown vulnerability in the DNS protocol stack or DNS server software.
- Cache poisoning – the attacker corrupts a DSN server by replacing a legitimate IP address in the server’s cache with that of another, rogue address in order to redirect traffic to a malicious website, collect information or initiate another attack. Cache poisoning may also be referred to as DNS poisoning.
- Denial of service – an attack in which a malicious bot sends more traffic to a targeted IP address than the programmers who planned its data buffers anticipated someone might send. The target becomes unable to resolve legitimate requests.
- Distributed denial of service – the attacker uses a botnet to generate huge amounts of resolution requests to a targeted IP address.
- DNS amplification – the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread the attack to other DNS servers.
- Fast-flux DNS – the attacker swaps DNS records in and out with extreme frequency in order redirect DNS requests and avoid detection.