Read time: 3 minutes

DNS attacks on the increase, concern for SA firms

By
Johannesburg , 23 Jun 2016

Arbor Networks Annual Worldwide Infrastructure Security Report provides rare insight into the nature of today's network security threats, and ways in which enterprise network operators and service providers are facing up to them.

Rapid advancements in enterprise technology – notably in the areas of cloud computing, mobility, intelligent appliances, and social media – have thrust us into a new era of digital business.

As the number of connected devices and the volume of data continues growing exponentially, businesses and consumers are now totally reliant on the Internet. The challenges of securing our networks becomes bigger and more complex; and the potential threats become increasingly alarming.

Arbor Networks Annual Worldwide Infrastructure Security Report provides a rare insight into the nature of today's network security threats, and the ways in which enterprise network operators and service providers are facing up to these challenges.

Over 350 of these organisations, who provide the network infrastructure for thousands of companies in all verticals all over the world, participated in the 11th Worldwide Infrastructure Security Report. Twenty-nine percent of these respondents operate in the Middle East and Africa region, making the report highly relevant to local businesses.

Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks, explains that as network providers accelerate their use of IPv6, "we're seeing more volatile network environments with wider surfaces of attack".

"One third of respondents had experienced DDoS attacks against their DNS infrastructure in the past year - almost double the number from the previous year. And the financial and reputational damage from these attacks runs well into the billions of dollars."

This onslaught has spurred organisations to bolster their investments in security tools and processes to deal with attacks: More than half of service providers now use intelligent, always-on DDoS mitigation systems (though only 19 percent of enterprise network operators have embraced this technology). The report shows encouraging levels of best-practices to restrict recursive lookups (82 percent), and a marked increase in DNS traffic visibility among the respondents.

Hamman adds, however, that the most alarming findings are that 26 percent of enterprise network operators still have no formal security group responsible for DNS infrastructure – "creating the ideal incentive for attackers to intensify efforts towards those with weaker security postures".

Respondents noted that NetFlow analysers are the most effective way of detecting threats, and also the most commonly deployed. However, the second most used detection tool, firewall logs, rank a lowly sixth in terms of effectiveness. Organisations relying on firewall logs alone are unlikely to prevent all DDoS threats.

‘We're also seeing two notable trends emerging in the nature of DNS attacks," says Hamman. "Firstly, the scale of attacks is worsening – a quarter of attacks now see peak volumes of over 100 gigabits per second. And secondly, from just 19 percent a couple of years ago, 33 percent of organisations now report attacks specifically targeting cloud-based services"

"For South African companies embracing cloud platforms over the coming years, this shift to cloud-based attacks will become a key consideration as they embark on their cloud migration journeys".

Criminal extortion emerged as the number one motivation behind DNS attacks in this year's report, overtaking vandalism and ideological hacktivism for the first time. "This is a significant aspect of the findings," notes Hamman, "reflecting the increasing ‘professionalism' of the criminal threats, and the higher financial risk that organisations are now facing".

He says that while local organisations now have unprecedented opportunities to reach global consumers, through highly-networked, digital marketplaces, the corollary to this is that SA companies move into the firing line for some of the world's most aggressive DNS attack syndicates.

"South African organisations will likely see an increase in the volume and severity of network attacks over the coming years, as hackers continue to search for targets that offer the best possible chance of successful attacks."

Daily newsletter