A new study from analyst firm IDC finds that data exfiltration via DNS (the Domain Name System) is a major threat to businesses, but is widely ignored.
The IDC white paper, “Dealing with DNS-Based Data Breaches to Avoid GDPR Non-Compliance“, also looks at the standards businesses and other organisations will have to meet to comply with a new EU law, the General Data Protection Regulation, due to come into force in 2018.
Organisations operating in the EU will face fines of up to €20 million or 4% of global revenue- whichever is higher- for non-compliance with the GDPR.
The IDC finds that businesses’ lack of knowledge about DNS exfiltration render them vulnerable to the theft of thousands of personal records within minutes, as well as to EU fines.
The exfiltration works by hiding and encrypting data to be stolen inside seemingly legitimate ‘address labels’, which DNS servers use to route traffic into and out of public servers. The solution the analysts suggest is similar to that used to detect malicious behavior in network traffic – albeit at the more fundamental DNS level.
Commenting on their findings, IDC analyst Duncan Brown said, “GDPR is all about business risk, in 2018 data exfiltration will change the game and it affects organisations globally, not just those based in the EU. Enhanced DNS Security is an added layer of protection when considering privacy for the network data and customers. Preserving reputation and enabling GDPR.”
The study was sponsored by EfficientIP, a provider of DDI (DNS, DHCP and IPAM) solutions. David Williamson, CEO of EfficientIP, commented, “The benefits of GDPR for the privacy of citizens are unquestionable and the EU is leading the way with this legislation. Given how well flagged it is and how important it would be to the future cyber security of global organisations, it is concerning therefore to see that the best efforts of IT security experts will not address this obvious flaw the experts at IDC have pointed out.”
Detecting DNS attacks may include analysis of DNS traffic patterns, blacklisting of compromised traffic sources and even sophisticated packet analysis with the ability to quarantine suspicious traffic. EfficientIP’s solutions offers defensive measures such as separation of DNS cache and recursive functions, in addition to detecting likely threat behaviour using DNS analytics.
A survey in 2016 by EffiicientIP found that in the past year 22% of companies surveyed had been subject to DNS-based DDoS attacks, 12% of organizations in North America and 39% in Asia had had data infiltrated via DNS, and almost 20% of the businesses surveyed had suffered an attack using DNS Zero-day vulnerabilities.
“Quite simply, the choice is to take DNS seriously as a cyber threat or face public humiliation and potentially business-threatening financial penalties when GDPR is in place” said David Williamson. “When IT executives take stock of the investment needed to put smart DNS protection into place versus the risks they are taking without it, their only question should be ‘Do we feel lucky?’. If the answer is not a resounding ‘Yes!’, EfficientIP can help,” he added.