Remember the “Yellow Pages”? When you called a listed company number, you could be confident that you’d actually reach a representative of the company. The Domain Name System (DNS) serves a similar purpose online, translating easy-to-remember web addresses, like Amazon.com, into the numbers that form an IP address and then connecting internet users to the appropriate server for their desired online destination. Because its function is similar to that of the “Yellow Pages”, DNS has been called the internet phonebook.
While the DNS can take you anywhere you need to go virtually, as with all internet-related technology, it is also vulnerable to cybercrime. Cybercrooks can use the DNS to carry out their criminal schemes, causing major disruptions for companies like financial institutions (FIs), where users tend to submit sensitive information that can be used to steal funds or impersonate someone.
The DNS Universe
Just how vast is the DNS universe? Cisco Systems is one of the world’s largest managers of DNS activity, and a glance at its data provides a snapshot of just how big this is. Cisco’s security services resolve 715B DNS requests each day. Not surprisingly, threat actors can frequently flout the rules of the DNS road and create costly mischief. They can use DNS tricks to get customers to reveal personal information. They can disrupt or halt DNS traffic to an FI’s website and compromise website integrity.
Some Top DNS Threats
A recent Cisco report detailed some of the main DNS threats, based on its own data. Here are the top three, and how often they occur:
- Information theft. Cybercrooks compromise your domain name and use their access to get customer information and other data. Much of this sensitive information then gets posted on the “dark web”, where others can use it in malicious ways. Cisco estimated 246MM monthly detections.
- Trojan horses. Once this malware gets into your system, it can quietly be activated and enable theft of data and the ability to spy on activity like keystrokes. Cisco estimated 175MM per month.
- Ransomware. Cybercrooks continue to penetrate domains, take them over, and demand ransom to free them. The monthly estimate: 154MM.
Banks Beware These Threats
There are some threats that should be of particular concern for FIs. They can compromise customer data or financial information, lead to financial losses, damage reputations, and lead to regulatory penalties. Here are a few of the most worrisome DNS threats right now:
- RAT (Remote Access Trojan). These Trojan programs get placed on FI systems and can then be remotely activated, enabling access to sensitive financial information.
- APT (Advanced Persistent Threat). These are high-level attacks often launched by foreign governments or organized crime groups, which target FIs for their valuable data and financial resources.
- Botnet. Attackers create networks of compromised computers, then use them in concert to launch attacks to disrupt or block an FI’s DNS. They can also be used to launch spam campaigns or initiate other harmful actions.
- Dropper. These programs are dropped onto an FI’s system and used to deliver and install malware. FIs are often targeted by droppers that deliver malware designed to steal sensitive financial data.
How To Fight Back
With the ongoing level of DNS attacks, community financial institutions need to be extra vigilant. Here are a few strategies for DNS defense:
- Regularly update your DNS software.
- Monitor DNS traffic for suspicious activity.
- Use a DNS firewall.
- Use multi-factor authentication.
- Conduct regular drills and simulations.
- Have a robust attack response plan that includes measures to contain an attack and procedures for recovering and returning to normal.
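One way to act on the "monitor DNS traffic" item above, as an added example that is not from the original article or from Cisco: a short Python pass over resolver query logs that flags clients with a high share of failed lookups or unusually long, random-looking query names. The log format, sample lines, and thresholds are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, assumed format: "time client qname qtype rcode"
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 www.bank.test A NOERROR
2024-05-01T10:00:02 10.0.0.5 online.bank.test A NOERROR
2024-05-01T10:00:03 10.0.0.5 mail.bank.test MX NOERROR
2024-05-01T10:00:04 10.0.0.5 portal.vendor.test A NOERROR
2024-05-01T10:00:05 10.0.0.9 qzkxvwplmt.example.test A NXDOMAIN
2024-05-01T10:00:06 10.0.0.9 hbtrwqzzkd.example.test A NXDOMAIN
2024-05-01T10:00:07 10.0.0.9 mplxkqjvwy.example.test A NXDOMAIN
2024-05-01T10:00:08 10.0.0.9 www.bank.test A NOERROR
2024-05-01T10:00:09 10.0.0.9 xkcjvbnqtz.example.test A NXDOMAIN
2024-05-01T10:00:10 10.0.0.12 a9f3k2m7q1x8z4c6v0b5n2l7p3r8t1w6y9.t.example.test TXT NOERROR
"""

# Assumed thresholds; tune against your own baseline traffic.
NX_RATIO_LIMIT, MIN_QUERIES = 0.5, 4
LABEL_LEN_LIMIT, ENTROPY_LIMIT = 30, 3.5

def shannon_entropy(text):
    """Bits per character; random-looking strings score higher."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_suspicious_clients(log_text):
    """Return {client_ip: [reasons]} for clients that trip either heuristic."""
    totals, failures, findings = Counter(), Counter(), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:            # skip malformed lines rather than crash
            continue
        _, client, qname, _, rcode = parts
        totals[client] += 1
        if rcode.upper() == "NXDOMAIN":
            failures[client] += 1
        label = qname.lower().split(".")[0]
        if len(label) >= LABEL_LEN_LIMIT and shannon_entropy(label) >= ENTROPY_LIMIT:
            findings[client].add("long-random-label")
    for client, total in totals.items():
        if total >= MIN_QUERIES and failures[client] / total > NX_RATIO_LIMIT:
            findings[client].add("high-nxdomain-ratio")
    return {client: sorted(reasons) for client, reasons in findings.items()}

if __name__ == "__main__":
    for client, reasons in find_suspicious_clients(SAMPLE_LOG).items():
        print(client, ", ".join(reasons))
```

A flagged client is a lead for investigation, not proof of compromise; misconfigured software can also produce many failed lookups.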
DNS is vital to serving customers online, but attacks on the system can cripple your institution’s ability to function or expose your customers to risks like stolen financial information. With cybercrooks launching millions of DNS probes each month, robust defenses are important to protect your customers and the sensitive information you’re entrusted with.