Protect organizations against DDoS attacks targeting DNS infrastructures

According to an IDC study published in October 2020, 83% of telecom or media companies have been victims of an attack in the previous 12 months through their Domain Name System (DNS). This computer system, which allows Internet domain names to be translated into IP addresses, is fundamental for any organization wishing to provide online services or content.

While the health crisis has led to a massive digital transition within companies, DNS systems have become obvious targets for cybercriminals, who often use DDoS attacks.

DNS compromises typically take the form of Distributed Denial of Service (DDoS) attacks. To carry them out, attackers use botnets: networks of connected computers which, unbeknownst to their respective owners, are configured to transmit information to other computers connected to the Internet. Cybercriminals use these tools to generate domain name queries that carry the IP address of the targeted DDoS victim as their source address. The DNS servers therefore send a large volume of responses to the victim, creating a volume of traffic 10 to 100 times greater than that generated by the original botnet. When the bandwidth limits of the network, the server or the application are reached, the service becomes unavailable.

Threat information and regular maintenance

Several strategies are recommended to protect against DDoS attacks targeting DNS. First, sharing information between network users and IT teams is essential for detecting and mitigating DDoS attacks. Security personnel and DNS administrators should not only be aware of the latest Domain Name System breaches, but also understand how they were orchestrated and what impact they had on the DNS infrastructure. Regular maintenance of the IT infrastructure is also important to any protection strategy. Organizations should include the DNS system in periodic tests of their DDoS attack mitigation plan, and should regularly audit their DNS servers and keep them correctly configured.

Network visibility and risk mitigation strategies

Organizations also need to be able to quickly detect DNS traffic that stems from malicious activity. This requires visibility across the different layers of the network, so that IT teams can react effectively and limit the consequences of any threat for the company. Organizations can also reduce risk, including by using tools dedicated to mitigating DDoS attacks on their own infrastructure. These tools detect the unusually high volume of traffic generated by an attack, then use intelligent routing to contain the DDoS threat. Finally, organizations can also promote information sharing with network operators. By implementing an attack detection system across all of their networks, they will be able to react better in the event of future compromises.
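The detection step described above, applied to the reflection pattern explained earlier (small queries with a forged source address, large responses sent to the victim), can be sketched as follows. This is an added example, not code from the article or from any vendor tool: the record layout, the sample traffic and the thresholds are assumptions, with the minimum ratio of 10 taken from the article's "10 to 100 times" figure.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (time_s, claimed_source_ip, query_bytes, response_bytes)."""
    recs = []
    for t in range(20):                       # three ordinary clients, 1 query/s each
        for host in (11, 12, 13):
            recs.append((t, f"192.0.2.{host}", 60, 120))
    for i in range(100):                      # busy forwarder: high volume, small answers
        recs.append((i * 0.1, "198.51.100.5", 60, 130))
    recs.append((3, "192.0.2.20", 64, 1500))  # one large answer, low volume
    for i in range(200):                      # burst "from" the victim: large answers
        recs.append((10 + i * 0.05, "203.0.113.10", 64, 3000))
    return recs

def find_reflection_targets(records, window_s=10, min_queries=50, min_ratio=10.0):
    """Flag (window_start, source) pairs that receive many amplified responses.

    Both conditions must hold: volume alone matches busy resolvers, and
    ratio alone matches a single large (for example DNSSEC) answer.
    """
    buckets = defaultdict(lambda: [0, 0, 0])  # queries, query bytes, response bytes
    for ts, src, q_bytes, r_bytes in records:
        bucket = buckets[(int(ts // window_s) * window_s, src)]
        bucket[0] += 1
        bucket[1] += q_bytes
        bucket[2] += r_bytes
    alerts = {}
    for key, (count, q_total, r_total) in buckets.items():
        ratio = r_total / q_total if q_total else 0.0
        if count >= min_queries and ratio >= min_ratio:
            alerts[key] = {"queries": count, "bytes_out": r_total,
                           "amplification": round(ratio, 1)}
    return alerts

if __name__ == "__main__":
    for (start, src), stats in find_reflection_targets(build_sample()).items():
        print(f"window {start}s: {src} {stats}")
```

Because the source address in these queries is forged, a flagged address identifies the likely victim of the reflected traffic, not the sender.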

By applying these strategies, organizations strengthen their protection against the DDoS dangers to which their DNS systems are subject. These systems are at the heart of their IT structure, and monitoring the traffic generated from these entry points is essential for employees to connect to their corporate network. While teleworking was essential during the health crisis and should continue in the future in the form of a hybrid model, leading to increased bandwidth use, it is essential to take the cybersecurity of DNS systems into account for the sustainability of all of an organization's resources.