Mitigating Cyberattacks on Financial Sector with DNS Security

September 23, 2020 | Written by: Surinder Paul

The financial sector has gradually outsourced banking and financial services, migrated apps and data to the cloud, and developed platforms allowing customers to carry out their transactions online. But digitizing banking services and associated data increases vulnerability to cyberattacks, and the potential reward for successfully hacking a financial institution is huge. Attacks targeting DNS in particular have become very common because of its criticality to the network: practically all network connections are initiated using DNS. Findings in the IDC 2020 Global DNS Threat Report show that 86% of financial organizations now consider DNS security to be of high importance.

Cyberattacks on the financial sector are still among the most costly. According to the DNS Threat Report, DNS attacks in financial services cost nearly $1.3 million per attack. This is incredibly high compared to other sectors; the average damage cost across all sectors is $924,000. Fully 85% of financial services organizations surveyed experienced a DNS attack last year, and on average they each suffered more than 10 attacks. That damage can really add up.

App and cloud service downtime have costly impacts

The overall cost of these attacks includes cost of mitigation, full-time-equivalent (FTE) hours spent, and business damage. The financial sector, like other sectors, suffers many impacts from a DNS-based attack. Among the top impacts highlighted in the report were cloud service downtime and in-house app downtime (53% and 59% experienced these, respectively).

However, some impacts are considerably worse for the financial sector than the average sector: financial institutions suffered higher rates of loss of business (35% compared to an average of 29%), brand damage (32% compared to 29%), and sensitive customer information stolen (17% compared to 16%).

The top methods of attack in the financial sector come from DNS-based malware (42% of financial institutions had experienced DNS-based malware), phishing (39%), and DDoS attacks (33%).

The countermeasures being used against DNS attacks are not ideal, including actions like shutting down the affected processes (58% of financial institutions performed this) or disabling affected apps (49%). But shutting down systems effectively leaves customers without access to their data for a period of time. It takes nearly 5 hours for organizations to mitigate an attack, which only increases the potential for financial losses.

Elevate DNS Security with a zero trust strategy using UBA

To protect networks from these types of attacks, organizations must ensure compliance with IT hygiene rules and accelerate investments in DNS security. Among these measures, the “Zero Trust” strategy is particularly effective. The financial sector appears to see the value of Zero Trust slightly more than the average sector, with 39% having implemented or piloted Zero Trust, compared to an average of 31% across all sectors.

For a successful zero-trust strategy, businesses need to elevate their DNS security by implementing advanced threat detection capacity with user behavioral analytics (UBA). Analytics on the valuable information provided by internal (east-west) DNS traffic, particularly with regard to client behavior, offers great potential for enhancing threat intelligence and filtering the domains that clients are allowed to access. EfficientIP’s DNS Guardian offers this capability with its innovative DTI (DNS Transaction Inspection) functionality. Adding machine learning tools brings the capability to detect zero-day malicious domains (those domains which are not yet known to be malicious) and domain generation algorithms (DGAs).

Protecting data and reducing threat complexity for SOAR

DNS traffic analysis is also essential when it comes to protecting data. During data exfiltration via DNS, information is often hidden in normal network traffic, so it often goes unnoticed by tools such as firewalls. Measures that go beyond blacklisting, and instead focus on contextual client behavior, are far more efficient for closing back doors to data theft and combating ransomware. According to the report, 31% of financial institutions view better monitoring and analysis of DNS traffic as their top priority for protecting data confidentiality on their network.
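The per-client analysis described in this section and in the UBA section above can be sketched over resolver query logs. This is an added example, not EfficientIP's DTI or any code from the report; the log format, thresholds, function names and sample records are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(label):
    """Bits per character; encoded payloads score higher than hostnames."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def split_name(qname):
    """Return (subdomain, registered domain). Assumption: the registered domain
    is the last two labels; real code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def flag_suspects(queries, min_unique=5, min_avg_len=24, min_avg_entropy=3.0):
    """Flag (client, domain) pairs where one client sends many distinct, long,
    high-entropy subdomains to a single domain. Thresholds are illustrative."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, domain = split_name(qname)
        if sub:
            seen[(client, domain)].add(sub)
    suspects = []
    for (client, domain), subs in seen.items():
        if len(subs) < min_unique:
            continue  # too few distinct names to judge this client's behavior
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(shannon_entropy, subs)) / len(subs)
        if avg_len >= min_avg_len and avg_ent >= min_avg_entropy:
            suspects.append((client, domain, len(subs)))
    return suspects

# Constructed sample log of (client IP, query name); names use the reserved .example TLD.
SAMPLE_QUERIES = [("10.0.0.5", f"{h}.corp-bank.example")
                  for h in ("www", "mail", "api", "cdn", "login", "static")]
# One client sending hex-looking 40-character labels to a single domain.
SAMPLE_QUERIES += [
    ("10.0.0.9", hashlib.sha256(b"chunk%d" % i).hexdigest()[:40] + ".tunnel-test.example")
    for i in range(6)
]
# A single lookup of that domain from another client stays below min_unique.
SAMPLE_QUERIES.append(("10.0.0.5", "0" * 40 + ".tunnel-test.example"))

if __name__ == "__main__":
    for client, domain, count in flag_suspects(SAMPLE_QUERIES):
        print(f"{client} -> {domain}: {count} distinct high-entropy subdomains")
```

Because the aggregation key is the (client, domain) pair rather than the domain alone, the result points at the host to investigate even when the domain is on no blocklist.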

Based on the DNS Threat Report, other focus areas for finance companies include automation of their network security policies (43% still use mainly manual processes), and sharing actionable DNS security event information with SIEM/SOCs to help forensics, overcome breach fatigue, and ease threat remediation.

The risk of attacks on the financial sector has only increased since the advent of mass telework, as people are at home more, using less secure connections and increasing reliance on the cloud. According to VMware data, global financial institutions have thus had to face a tripling of cyber attacks (+238%) between February and April 2020. This shows why, more than ever, business leaders in the finance sector must adopt a security-by-design framework, ensuring it incorporates DNS security as a priority. Especially during the global pandemic, ensuring the safety of our financial systems has become vital.