Published: August 8, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
No one wants to think that 83% of the top 2000 global businesses in the world lack proper domain name system (DNS) security, but they do. According to a report released by CSC, their “2020 Domain Security Report: Forbes Global 2000 Companies” sheds light on the uneasy risks every business should be aware of with a vulnerable DNS. It paints a grim picture of what these world class companies are not doing to protect their businesses and customers from, including domain name hijacking.
A lack of DNS protection puts your customers at the very same risk as the Fortune 2000. Simply put, DNS provides a “phonebook” or naming database for the internet. It translates a domain name to an Internet Protocol (IP) address, allowing a device to locate the website the user expects to visit. No business is immune, and some of biggest industries in the world are hardest hit when they deny the most basic DNS protections.
Anatomy of a DNS Attack
There are many signs that cybercriminals are revving-up their attacks against vulnerable DNS services, especially during the current coronavirus pandemic. Spamhaus Project reports a recent increase in domain-name hijacking in business email compromise (BEC) phishing campaigns, as well as social engineering hacks. When bad actors gain access to a legitimate domain, they create new hostnames with a different IP address having no connection to the root domain. From there, they reroute internet traffic to a new location–meaning theirs. According to Spamhaus, that gives hackers the ability to unleash a torrent of spam and malware that disrupts businesses and their customers, as well as evading antispam measures.
DNS Protection by Industry
The CSC report finds a curious imbalance between different industries and the level of DNS protection they do, or don’t provide. Industries most protecting their DNS security are information technology, media, and entertainment. Ranking lowest with DNS security are financial institutions, one of the most highly targeted industries on earth. The report claims many banks fail to adopt even the most basic protections like registry-lock services and corporate domain-registrar service that can lead to domain name hijacking, social engineering, and phishing attacks.
Sobering DNS Stats
Statistics coming from the CSC study are as disturbing as knowing banks offer the least DNS protections. It finds 53% of the Forbes Global 2000 use more vulnerable, retail-grade domain registrars that leave many of the largest companies in the world, and their customers, vulnerable. On the other hand, only 20% of the Fortune 2000 use enterprise-grade DNS protections, something they should all have to combat cybercriminals. A remarkable 97% of these industries, both good and poorly protected, don’t use DNS security extensions. This means those companies are prone to further vulnerabilities in the DNS lookup process, including cache poisoning attacks, otherwise known as DNS spoofing.
The lack of basic DNS security with Fortune 2000 companies is not an excuse for SMBs (small-to-medium-sized business) to join suit. Protecting your domain name from attackers should be high priority, especially as those attacks can also lead to downtime and financial loss for any business, including a hit to its reputation. Research shows 60% of SMBs never recover from a hack, with many closing their doors within six months of a cyberattack.
What to Do
Cybersecurity experts recommend using strong and effective protections for your DNS so that changes to it can’t be made. This should also include domain protection services from experts who offer domain assurance, a proactive approach to DNS security. This may include acquiring domain names that closely resemble those of your business on behalf of your organization. This can help eliminate the ability for hackers to spoof a domain name for financial gain.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org