RSAC 2022: The Rise of DNS-Based Attacks

With RSAC 2022 behind us, we’re reflecting on one of the most important themes at the conference: Rising DNS-based attacks.

DNS-Based Attacks are on the Rise

DNS is an often-overlooked component of the security stack. But 70% of attacks involve the DNS layer in some way. Attacks are either launched via deceptive sites, or websites are used in malware exploits. And of course, many sites are leveraged as a way of spreading malware or phishing, despite that site not being deceptive on its own.

300% Increase in Phishing Attacks

Phishing, along with other deceptive categories on our network, has grown over the last few years. According to Trend Micro, 90% of cyberattacks begin as spear phishing emails. Many of these emails opt for links as opposed to attachments, because it’s much easier to convince someone to click a link. Attachments are inherently suspicious, and links are harder to catch so it makes sense that threat actors are favoring phishing emails with links—often taking their time to impersonate someone ahead of asking for anything.

According to the 2022 Verizon Data Breach Investigation Report, there are four key paths to a modern data breach: 

  1. Obtaining credentials
  2. Phishing
  3. Exploiting vulnerabilities
  4. Botnets

20% of the time, phishing is the cause of the data breach. And 82% of all breaches can be blamed on “the human element”-–which includes phishing, but is also comprised of misuse and stolen credentials.

592% Increase in Malware on DNSFilter Network

Malware is growing significantly on our network, which matches trends seen by the likes of Verizon as ransomware has grown 13% since last year and 25% over the last 5 years. Supply chain breaches were responsible for 62% of system intrusion incidents in the past year.

Highly Targeted Phishing Sites

Of all breaches in 2021, healthcare industry breaches were the costliest, averaging $9.23 million each. Noting that, DNSFilter’s network saw a 218% increase in traffic to malicious sites with “health” in the domain name in April of 2022.

This paints a picture of targeted phishing and malware tactics. The start of the “gov” domain traffic spike aligned with the start of the Russian invasion of Ukraine. The banking industry saw a 1318% increase in ransomware attacks in 2021. Germany continues to have one of the most-used ccTLDs for malicious domains, as also noticed in our 2021 Domain Threat Report.

And our observation of targeted healthcare deception aligns with recent CISA directives advising healthcare and critical infrastructure to harden defenses at the DNS layer.

35% of Cyberattacks Via Web Application Compromise

It’s well known that apps like Discord and Telegram are used to spread malware. However, Snapchat is the most blocked social networking site on our network, with 10% of all queries getting blocked. Comparatively, Facebook is only blocked 5% of the time.

DNSFilter users are cybersecurity aware. They know that Snapchat is risky and they’re choosing to block it to ensure their end users don’t inadvertently download malware on work mobile phones. Understanding these risks and knowing that you can block them at the DNS layer, as opposed to waiting for an intrusion onto your network, is powerful. You can block these domains from resolving, so the threat never has a chance to take hold of your network.

And when we deal with domains, especially domains related to applications, we’re talking about hundreds of thousands of domains. To put it in perspective Microsoft Sharepoint alone—not Microsoft, just a single Microsoft app—is made up of 56,973 domains. And these lists change and grow rapidly.

DNSFilter keeps tabs on all of this so our end users can easily block single risky applications by toggling it on. Similarly for categories, we have 35 content categories and 7 threat categories with millions of domains per category, and over 200k new domains are registered every day. Attack vectors never stop growing.

Blocking Threats at the DNS Layer is Necessary

Threats are increasing daily, and prioritizing protection against DNS-based threats should be on the mind of every cybersecurity professional. Secure your organization with DNSFilter for 14 days free.

Search
  • There are no suggestions because the search field is empty.
Latest posts
How MSPs Can Enhance Customer Experience with Technology How MSPs Can Enhance Customer Experience with Technology

Customer experience is the secret sauce that sets successful Managed Service Providers (MSPs) apart from the rest. In a market teeming with competition, you need to offer more than the best technology or the lowest prices. It's about how clients feel when they interact with your services. A stellar customer experience can transform a one-time client into a loyal advocate, while a poor one can send them running to your competitors. According to a ...

From The Election Polls to Holiday Deals: Cybercriminals are Preying on Seasonal Trends For Their Own Gain From The Election Polls to Holiday Deals: Cybercriminals are Preying on Seasonal Trends For Their Own Gain

In July I published a blog on the DNSFilter website where I looked closely at our passive DNS data, highlighting early election trends in relation to threat domains.

Ensuring CIPA Compliance: A Practical Guide (and checklist) for Educational Leaders Ensuring CIPA Compliance: A Practical Guide (and checklist) for Educational Leaders

The Children's Internet Protection Act (CIPA) is a critical law designed to ensure that students are protected from harmful online content. It requires schools and libraries to implement Internet safety measures, such as filtering and monitoring, to safeguard minors. Compliance with CIPA is essential for institutions seeking E-Rate program discounts for Internet access and internal connections.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.