New research from Vanson Bourne found that more than three quarters of organizations in the United States and U.K. have suffered a domain name system (DNS) attack.
Just less than half (49 percent) of the organizations surveyed said they had experienced such an attack in the past 12 months. The most common DNS threats reported were DDoS (74 percent), DNS exfiltration (46 percent), DNS tunneling (45 percent) and DNS hijacking (33 percent) by those who had suffered an attack.
The research surveyed 300 U.S. and U.K. key IT decision makers in organizations with 1,000+ employees. It covered a variety of verticals including financial services, retail, distribution and transport, IT and manufacturing and production. The study was commissioned by Cloudmark.
A third of the respondents confirmed they had lost confidential customer information. Despite this however, 44 percent of those who found it difficult to justify DNS security investment to their company felt it was because their senior management does not see DNS security as an issue. More than half of the IT decision makers polled (55 percent) cited the theft of private or confidential data as a major concern to their organization.
“The survey findings suggest that large organizations are not only inadequately protecting company intellectual property against DNS attacks but more needs to be done to help educate businesses on the methods used by DNS attackers,” said Neil Cook, chief technology officer at Cloudmark, in a statement.
Twenty-three percent of U.K. respondents admitted they did not know if their organization had ever suffered a DNS attack. The highest incidence of DNS attacks occurred among retail, distribution and transportation verticals, with 74 percent suffering from an attack in the past 12 months.
“While DDoS threats continue to be a common method of attack to siphon off valuable resources, organizations need to review their security solutions to ensure they can protect against a multitude of other attacks including DNS exfiltration and DNS tunneling, particularly in industries where high-value data is held, such as retail and financial industries,” Cook added. “Once an organization’s data is in the hands of cyber-criminals, the brand reputation, customers and ultimately revenue of that organization can be severely affected.”
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
- US Downs Chinese Balloon Off Carolina Coast
- Microsoft: Iran Unit Behind Charlie Hebdo Hack-and-Leak Op
- Feds Say Cyberattack Caused Suicide Helpline’s Outage
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
