Finance Firms Losing the Most in Battle Against DNS Attacks

Some of the world’s largest banks, including Santander, Lloyds Banking Group and HSBC, were targeted by DDoS-for-hire cyber attack website Webstresser last year, which attempted to launch DDoS attacks on their systems. These attacks cost some institutions hundreds of thousands of dollars.

DDoS attacks, which seek to exploit the functionality of accessible DNS resolvers, rendering the server and its surrounding infrastructure useless, are a daily headache for many businesses, but the financial sector feels the sting more than most. EfficientIP’s 2018 Global DNS Threat Report reveals each DNS attack costs financial organizations an average of $924,390 – a 57% increase in just 12 months. However, the effects of DNS attacks can reach far beyond costs.

Financial organizations have much to lose from gambling with hackers. Any unsecured entry point to their networks can have crippling consequences – including data exfiltration which can include theft of customers’ credit card numbers, financial information and even proprietary or confidential corporate data. The consequences can also include loss of business or application downtime for financial companies.

One DNS attack will give you ninety-nine problems

According to our research, financial institutions are the most severely affected by DNS attacks, and are subjected to an average of eight attacks per year, more than any other sector. Worryingly, a full 10% of financial institutions fell victim up to 20 times in the past 12 months.

In a post-GDPR era, our research shows financial institutions suffered significant data loss, with 22% reporting stolen sensitive customer information and 19% citing stolen intellectual property. All of this results in brand damage and rising fines for highly-publicized non-compliance under GDPR and the US CLOUD Act for financial institutions, but are not the only consequence of DNS attacks for the sector. In addition to a loss of IP and sensitive customer information, other common impacts of DNS attacks are cloud service downtime, experienced by 43% of financial organizations, a compromised website (36%), and in-house application downtime (32%).

DNS attacks are also costing financial institutions their time, too. Only second to the public sector, the financial services industry takes the longest to mitigate an attack, spending an average of seven hours, nearly a whole business day. Worryingly, 16% of financial sector respondents cited spending as much as 24-hours resolving impacts of their DNS attacks.

Aren’t networks already protected?

Our research clearly shows networks are not sufficiently protected. Although 94% of financial organizations understand the criticality of having a secure DNS network for their business, overwhelming evidence from the survey shows they haven’t taken enough action.

Failure to apply security patches in a timely manner is a major issue for organizations. EfficientIP’s 2018 Global DNS Threat Report reveals 72% of finance companies took three days or more to install a security patch on their systems, leaving them open to attacks.

Adapting security solutions to protect DNS

Financial Services activities rely heavily on network availability and the capacity to securely communicate information in real time. Therefore, service continuity and security is a business imperative, which a smart DNS security solution will support.

Working with some of the world’s largest global banks and stock exchanges to protect their networks, EfficientIP recommends five best practices:

• Harden security for cloud/next-gen datacenters with a purpose-built DNS security solution, overcoming limitations of solutions from cloud providers. This ensures continued access to cloud services and apps, and protects against exfiltration of cloud-stored data.
• Apply adaptive countermeasures relevant to threats. The result is ensured business continuity, even when the attack source is unidentifiable, and practically eliminates risks of blocking legitimate users.
• Augment your threat visibility using real-time, context-aware DNS transaction analytics for behavioral threat detection. Businesses can detect all threat types, and prevent data theft to help meet regulatory compliance such as GDPR and US CLOUD Act.
• Enhance threat intelligence on domain reputation with data feeds which provide menace insight from global traffic analysis. This will protect users from internal/external attacks by blocking malware activity and mitigating data exfiltration attempts.
• Incorporate DNS into a global network security solution to recognize unusual or malicious activity and inform the broader security ecosystem. This allows holistic network security to address growing network risks and protect against the lateral movement of threats.

The financial services industry has long been a target for hackers. However, our research shows the consequences are worsening each year. With costs per attack increasing substantially, it’s time for banks and insurance companies to secure their businesses and protect their data confidentiality with a modern DNS security solution.