Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Nearly 50 Percent of Organizations Hit With DNS Attack in Last 12 Months: Survey

New research from Vanson Bourne found that more than three quarters of organizations in the United States and U.K. have suffered a domain name system (DNS) attack.

New research from Vanson Bourne found that more than three quarters of organizations in the United States and U.K. have suffered a domain name system (DNS) attack.

Just less than half (49 percent) of the organizations surveyed said they had experienced such an attack in the past 12 months. The most common DNS threats reported were DDoS (74 percent), DNS exfiltration (46 percent), DNS tunneling (45 percent) and DNS hijacking (33 percent) by those who had suffered an attack.

The research surveyed 300 U.S. and U.K. key IT decision makers in organizations with 1,000+ employees. It covered a variety of verticals including financial services, retail, distribution and transport, IT and manufacturing and production. The study was commissioned by Cloudmark.

A third of the respondents confirmed they had lost confidential customer information. Despite this however, 44 percent of those who found it difficult to justify DNS security investment to their company felt it was because their senior management does not see DNS security as an issue. More than half of the IT decision makers polled (55 percent) cited the theft of private or confidential data as a major concern to their organization.

“The survey findings suggest that large organizations are not only inadequately protecting company intellectual property against DNS attacks but more needs to be done to help educate businesses on the methods used by DNS attackers,” said Neil Cook, chief technology officer at Cloudmark, in a statement.

Twenty-three percent of U.K. respondents admitted they did not know if their organization had ever suffered a DNS attack. The highest incidence of DNS attacks occurred among retail, distribution and transportation verticals, with 74 percent suffering from an attack in the past 12 months.

“While DDoS threats continue to be a common method of attack to siphon off valuable resources, organizations need to review their security solutions to ensure they can protect against a multitude of other attacks including DNS exfiltration and DNS tunneling, particularly in industries where high-value data is held, such as retail and financial industries,” Cook added. “Once an organization’s data is in the hands of cyber-criminals, the brand reputation, customers and ultimately revenue of that organization can be severely affected.”

Written By

Click to comment

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.