How DNS Security Protects the Financial Industry Against Cyberattacks

For many years, the volume of sensitive customer and financial data in circulation have made the financial services sector an attractive target for attackers, and the COVID-19 pandemic has further enhanced this, creating new risks for banks, trading platforms and other financial institutions. The rapid shift to distributed and remote workforces has resulted in more complex company networks revealing weak points in IT security concepts. An increased reliance on cloud services in combination with the swift acceleration of connected devices is creating a stronger need than ever for robust cybersecurity measures and solutions to tackle the growing variety of attacks.

The DNS (Domain Name System) is an especially popular target for cybercriminals. It acts as the central communication system between apps and users and therefore has a critical function within every company network. A compromised DNS can be used to animate botnet activities, exchange data with unknown servers or exfiltrate valuable information. New findings of the EfficientIP and IDC 2021 Global DNS Threat Report shed light on: 1) How DNS attacks have been affecting the financial sector throughout the pandemic 2) What measures organizations are taking to mitigate attacks 3) Recommendations for strengthening DNS Security.

Attacks on financial services have costly outcomes

DNS attacks in the financial sector continue to be the costliest among all industries. According to the 2021 DNS Threat Report, DNS attacks in financial services cost nearly $1.1 million per attack – while the average cost across all sectors is $950.000.

The surveyed financial institutions suffered an average of 8.3 attacks over a 12-month period during the pandemic, which is also above the global average of 7.6. In addition, the Threat Report revealed that the financial industry is the sector most likely to experience phishing attacks (55% of financial institutions) and DNS-based Malware (42%). Other notable DNS attack types were distributed denial-of-service (DDoS) attacks (35%), DNS tunnelling (30%), domain hijacking (30%) as well as Zero Day Vulnerabilities (26%).

DNS attacks can have a potentially devastating impact on institutions, as recent examples show: In 2020, more than 100 financial service organizations from Europe, North and South America and Asia were targeted in a wave of ransom DDoS attacks by the same threat actor. Affected banks, exchanges, payments companies, card issuers, payroll companies, insurance firms, and money transfer services all received a note threatening to disrupt websites and services via DDoS attack if the demanded ransom was not paid. The incidents highlight that costs associated with an attack are far reaching as they include costs for mitigating attacks, productivity losses due to shut down systems as well as wider brand damage and business losses resulting from downtimes and disrupted websites.

The DNS Threat Report finds that mitigating an attack took financial institutions an average of 6.1 hours, during which services for customers were disabled and communications disrupted. The sector was the most likely to experience cloud service downtime as a result of an attack (52%). In addition, application downtime (52%) was another common negative impact affecting institutions surveyed. In general, downtimes caused by DNS attacks cause severe financial losses as they prevent time-sensitive transactions and can lead to the loss of valuable data, underlining the critical threat DNS attacks represent for the industry. Further, companies reported to have suffered brand damage (23%), dealt with compromised websites (43%) and lost customer information (24%) due to attacks on their DNS.

How to tackle attacks with DNS security

Many methods companies make use of to mitigate attacks negatively affect productivity and business processes. These include shutting down a DNS server or service, leading to the disruption of transactions and financial services which cause severe negative consequences like loss of business and even damage the company’s reputation as its reliability and trustworthiness is jeopardized.

Fortunately, the report also shows that the sector is increasingly recognizing the importance of enhanced preventive DNS security solutions which include adaptive countermeasures. 77% of companies view DNS security as a very critical component of their network security and 55% view it as critical to protect a remote workforce.

Overall, an organization’s goal must be to prevent attacks – not simply mitigating them once they occur. Zero Trust strategies are therefore being adopted, with 78% of surveyed financial services institutions planning, implementing or running Zero Trust to better protect themselves against DNS threats. Controlling which users have access to which critical apps is key for zero trust, so applying filtering to DNS queries becomes very important. 79% of institutions therefore believe DNS domain deny-and-allow lists are highly valuable for Zero Trust.

For protecting remote workers, the financial services sector is the most likely industry to consider implementing private DoH (DNS over HTTPS), with 56% of surveyed institutions affirming this. Using DoH from public providers is causing concerns with regards to privacy. A private DoH solution overcomes these concerns as it ensures all DNS traffic from users and devices uses the organization’s infrastructure, thus allowing for better security, filtering and observability. This is one of the key recommendations in the Threat Report, with other recommendations being to automate lifecycle management of IP resources in order to eliminate cloud service downtime frequently caused by cloud misconfigurations, and to take advantage of DNS’s unique early visibility over almost all traffic to make DNS the first line of defense against attacks.

EfficientIP smart DNS security enhances threat detection and simplifies remediation

Another area of focus for the finance industry for protecting its customers, apps and its own data is the utilization of a controlled DNS service. Especially when hosting multi cloud applications, which are accessed by a remote and distributed workforce. EfficientIP SOLIDserver feaures such as DNS Guardian and DNS Firewall provide a promising solution. They filter DNS queries, perform traffic analysis on user behavior as well as domain reputation in order to detect ransomware and DGAs, prevent spread of attacks early in the traffic flow, and pass actionable security events to SOCs and SIEMs to help simplify and accelerate remediation.

With the implementation of strategic IT initiatives like multi cloud, SD-WAN and IoT, vulnerabilities of IT systems will continue to multiply. And though the industry’s awareness of cyber threats and their impact has increased, so have risks in this sector. By integrating purpose-built smart DNS security solutions into their overall IT strategy, IT decision makers will make a critical contribution towards safeguarding the financial sector against future threats.