Dr Malcolm Murphy, systems engineering manager, Infoblox
With financial institutions facing three times as many cyber-attacks as businesses in any other sector, it’s little wonder that security is a growing concern for the financial services industry.
Cyber security was ranked as the top systemic risk to the economy by almost half of firms operating in the sector (46%) and, with poor cyber security identified as a threat to growth by over 70 percent of CEOs, cyber security is clearly now as much of an issue for the board as it is for the IT team. As banks face having their ratings cut should they fail to protect themselves from attack, it’s an issue that must be addressed.
Networks under attack
Invented over 30 years ago, the Domain Name System (DNS) has continually evolved to become a core component of today’s Internet which, unfortunately, has made it one of the most attractive targets for hackers and cyber-criminals. The address book of the Internet, DNS lies at the heart of every organisation’s IT network, translating domain names, or web addresses, into numerical machine-readable Internet Protocol (IP) addresses.
Every corporate network examined for a recent security report was found to have been compromised in some way. Despite this, more than a quarter (26%) of enterprise IT security staff have admitted to taking no formal responsibility for protecting their organisation’s DNS.
This lack of attention could be a key reason for DNS being perceived as a soft target for cyber-criminals, and is arguably an important factor in the growing prevalence of DNS-based attacks.
Distributed denial of service, or DDoS, attacks are just one example of how DNS is being targeted. Currently on the rise, DDoS attacks against the finance industry represented 15 percent of all DDoS attacks reported in Q4 2015, costing banks an average of $100,000 an hour, with 30 percent also suffering virus installation or theft as a result.
What makes DDoS attacks so concerning is the simplicity with which they can be generated using DNS infrastructure. Hackers will take control of hundreds, even thousands, of systems and use them to send queries, with the target’s IP address spoofed as the source, to servers across the Internet, each of which will send its response back to the target. The sheer volume of these responses will then overwhelm the target’s servers and severely diminish performance, often to the point of failure. By way of illustration, a recent DDoS attack on a large computer storage company’s internal DNS resulted in a full outage and its employees being sent home.
On top of the havoc they wreak, DDoS attacks can often be used as a diversionary tactic, distracting the security team and leaving a firm vulnerable to more sophisticated attacks.
Response and mitigation
There is no simple solution to securing an organisation’s DNS, but there are steps an IT team can take to help them respond to and mitigate DDoS attacks.
The first of these is to recognise when an attack is taking place. An organisation’s network administrators can use the statistics support built into BIND, the most commonly used DNS software, to analyse data on DNS queries for indicators of an attack. It may not always be entirely clear what an attack looks like, but anomalies will be easier to identify.
Attention should then be turned to all aspects of an organisation’s infrastructure, such as switches, routers and firewalls, which face the Internet.
Scrutinising these areas should identify any potential points of failure that might leave the network vulnerable to attack.
Then, by ensuring that its external servers are widely distributed geographically, an organisation will improve its chances of avoiding single points of failure, and their inherent vulnerabilities. Thought should also be given to overprovisioning existing DNS infrastructure through the use of virtualised servers in the cloud. Both inexpensive and easy to trial prior to an incident, such a process can mitigate the huge number of responses that result from a DDoS attack.
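The first step above, watching BIND's query statistics for anomalies, can be sketched as follows. This is an added example, not code from the author or from BIND: it assumes successive cumulative dumps in the layout written by `rndc stats`, the sample data is constructed, and the function names and the `factor` and `floor` thresholds are illustrative choices.

```python
import re

# Constructed sample: three cumulative dumps, 60 s apart (assumed rndc stats layout)
SAMPLE = """\
+++ Statistics Dump +++ (1700000000)
++ Incoming Queries ++
                1200 A
                  15 ANY
--- Statistics Dump --- (1700000000)
+++ Statistics Dump +++ (1700000060)
++ Incoming Queries ++
                2430 A
                  31 ANY
--- Statistics Dump --- (1700000060)
+++ Statistics Dump +++ (1700000120)
++ Incoming Queries ++
                3700 A
               48031 ANY
--- Statistics Dump --- (1700000120)
"""

def parse_dumps(text, section="Incoming Queries"):
    """Return [(timestamp, {counter: cumulative_count})] for one section."""
    dumps, active = [], False
    for line in text.splitlines():
        if m := re.match(r"\+\+\+ Statistics Dump \+\+\+ \((\d+)\)", line):
            dumps.append((int(m.group(1)), {}))
        elif m := re.match(r"\+\+ (.+?) \+\+$", line):
            active = m.group(1) == section
        elif active and dumps and (m := re.match(r"\s*(\d+) (.+)$", line)):
            dumps[-1][1][m.group(2)] = int(m.group(1))
    return dumps

def qps(dumps):
    """Queries/second per type between dumps; skips intervals where a counter went backwards (restart)."""
    out = []
    for (t0, c0), (t1, c1) in zip(dumps, dumps[1:]):
        dt = t1 - t0
        if dt > 0 and all(c1.get(k, 0) >= v for k, v in c0.items()):
            out.append((t1, {k: (v - c0.get(k, 0)) / dt for k, v in c1.items()}))
    return out

def anomalies(rates, factor=10.0, floor=5.0):
    """Flag types whose rate is at least `floor` q/s and over `factor` x the previous interval."""
    return [(t, k, round(r, 1))
            for (_, prev), (t, cur) in zip(rates, rates[1:])
            for k, r in cur.items()
            if r >= floor and r > factor * max(prev.get(k, 0.0), 0.1)]
```

On the constructed data only the ANY query type is flagged, at 800 queries per second in the last interval; in practice the baseline would come from a longer history than a single preceding interval.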
Hackers are constantly on the lookout for weak spots in the defences of financial services firms across the globe. By ensuring the right security solution is in place to defend their DNS, a critical part of their IT infrastructure, these firms will be taking an important step in protecting their sensitive data, their clients, and their own reputations and bottom line.