In our discussion of last year’s SolarWinds attack and related collateral damage, we’ve been providing Community members with tips for reducing their exposure to the next major IT supply chain attack. Addressing network-level security is another key step in doing so. While not a part of the initial compromise, data from breached companies was exfiltrated following the attack using a method known as DNS tunneling.
The internet’s domain name system (DNS), often referred to as the phonebook of the internet, is a piece of technology with rare staying power. It’s the system that translates the sting of numbers making up an IP address a computer can recognize into a URL that humans can easily memorize.
DNS is attractive to hackers because the protocol is trusting, making it easy to exploit. After all, the original DNS has been around since the 1980s and was never designed with privacy or security in mind. As the communication cornerstone of the internet, DNS is an ideal target for cybercriminals and state-backed actors to abuse as a mechanism for breaches.
As COVID-19 blurs the network edge and more remote workers make queries from networks outside the corporate firewall, the importance of securing this layer is growing in urgency. There’s ample evidence that attackers are honing their skills with attacks that reflect this new work-from-anywhere global reality.
Make DNS protection a part of your defense-in-depth cybersecurity strategy
DNS protection can prevent numerous techniques used by threat actors to gain initial access, command and control, and exfiltration from being successful. Recent high-profile agencies including the NSA have issued statements urging the adoption of more secure DNS protocols to mitigate increased attacks on traditional DNS servers.
Just as it’s an attractive target for cybercriminals, the DNS layer can be a convenient point for reinforcing cybersecurity. As the number of internet-connected devices proliferates within organizations, DNS security can offer protection from online threats even in the absence of a web browser. Therefore it’s recommended for enhancing server security and should be considered by any organization with IoT devices in use.
Securing the DNS layer reduces inbound malware by as much as 88 percent, according to Webroot user data. That fact alone makes it a valuable layer for defense in depth. It also allows IT admins to be able to track and report on web usage by individuals. This helps isolate risky user behaviors – frequently using peer-to-peer streaming services, for example – that can both sap bandwidth and present serious cybersecurity concerns. By taking steps to increase DNS protection, MSPs greatly improve their cyber resilience and deter attacks aimed at the DNS layer.
Finally, through improvements in the way the system handles user privacy, many IT giants are making investments in this layer of security. But it’s important a DNS security solution maintains the visibility that makes it useful from a security standpoint. Webroot® DNS Protection offers critical functionality allowing partners and users to adopt these protocols and can be configured using DNS best practices for enhanced protection.