DNS, DoS Attacks Slip Past Corporate Defences

Attackers are increasingly hitting networks and applications while organisations are struggling to mitigate the effects of the attack using traditional defenses, according to the latest survey from F5 Networks.

About one-third of the respondents of the survey of senior IT managers in 1,000 organisations around the world said that traditional defenses were not able to protect against complex blended threats, F5 Networks said in a report released on 7 November.

The “most worrisome” threat reported by the IT managers was that existing defences had trouble defending against four out of the top five types of attack, according to the report.

Defence

Attacks are getting more difficult and expensive to defend, Alan Murphy, senior technical marketing manager for F5 Networks, told eWEEK. Domain Name Server (DNS) attacks were the most frequent type of attacks faced by organisations, the most difficult to defend against and had the highest impact on enterprises, the survey found.

“There haven’t been a lot of changes in the DNS architecture since it was originally designed,” Murphy said. DNS attacks included denial of service, domain spoofing and cache poisoning to divert users to malicious sites, according to Murphy.

Other types of attacks that were difficult for enterprises to defend against included network-layer denial-of-service attacks, improperly accessing encrypted data, misconfigured systems and application layer denial-of-service attacks, according to the survey. Adversaries were increasingly launching cross-site scripting, SQL injection, cross-site request forgery and directory traversal attacks against organisations, the survey found.

About 38 percent of the survey respondents said traditional defences performed less than “somewhat well” in protecting against complex, blended threats, F5 said. More than half, or 53 percent, of the respondents also said there was a network performance impact from these security safeguards.

Traditional defences “fall short” because threats are constantly evolving, according to Murphy. About 42 percent of the survey respondents said a firewall failed during a network-layer denial-of-service attack in the past 12 months, according to F5 Networks. About 36 percent claimed the firewall failed during an application-level denial-of-service attack.

Stolen funds and data

All the organisations that were breached in the survey claimed to have suffered some kind of loss, including stolen funds and data, regulatory fines, loss of customer trust, lost revenue and lost productivity. Organisations typically lost $682,000 (£425,000) in the past 12 months, Murphy said.

Just encrypting the data was not sufficient, since organisations needed to control how the data was being accessed, Murphy said. Toward that end, 92 percent of the survey participants said they consider application delivery controllers (ADC) an appropriate alternative to traditional security products, F5 Networks found.

According to survey results, 74 percent said they are deploying ADCs for application security and about the same number are implementing them for access control. Approximately 64 percent rely on ADCs for traffic-inspection-based security, the survey found.

Organisations need to have context to understand network traffic. To be able to properly deliver applications on the network, the IT department has to know who is accessing the network or data, from where it is being accessed and what kind of device is being used, he said.

In the case of a denial-of-service attack on a DNS server or on the network, it is hard to mitigate if the IT department can’t correlate the various streams and identify them as part of a single attack, Murphy said.