Adopting a security-by-design framework and prioritizing DNS security are fundamental considerations now and the post-pandemic era, argues this DNS-security representative.

The development of digital banking has facilitated more convenient means of helping banks and financial institutions capture digitally-enabled consumers. Southeast Asia remains a key region in this respect, having been considered the hotbed of innovation, and being home to Asia’s largest digital economy.

Digitalizing banking services increases vulnerability to cyberattacks, because the potential reward for successfully hacking a financial institution is huge. In particular, attacks targeting DNS are increasingly- prevalent, considering that almost all network connections are initiated via DNS.

A single attack could cause downtime to the network. In February and June, we saw attacks on AWS and Akamai respectively. Indeed, reports show that DNS security is considered to be of high importance for 76% of financial organizations in Asia. However, among them, cyberattacks in the financial sector remain among the most costly, at nearly US$1.3 million per attack. This is significantly higher compared to the cost of damage in other sectors, averaging at US$924,000.

App and cloud service downtime

The overall cost of these attacks mitigation costs, full-time-equivalent (FTE) hours spent, and business damage. The financial sector, like other sectors, suffers many impacts from a DNS-based attack. At the top of the list is cloud service downtime and in-house app downtime (53% and 59%, respectively).

Compared to the average, financial institutions also suffer higher rates of loss of business: 35%, compared to the average of 29%; brand damage: 32%, compared to 29%; and sensitive customer information stolen: 17%, compared to 16%. The top methods of attacks in the financial sector were DNS-based malware (42%), phishing (39%), and DDoS attacks (33%).

Existing countermeasures to combat DNS attacks are proving to be insufficient. Shutting down the affected processes (58%) or disabling affected apps (49%) leaves customers without access to their data or services for a period of time. On average, it takes nearly five hours for financial organizations to mitigate an attack, which only increases the potential for financial losses and affects their reputation.

Zero Trust for DNS security

For organizations to be sufficiently protected from these and similar attacks, organizations should act to ensure their networks are compliant with IT hygiene rules and accelerate investments in DNS security. Among them, a Zero Trust strategy is particularly effective.

Reports show that about 39% of the financial services sectors have implemented or piloted Zero Trust, compared to an average of 31% across all sectors.

A successful Zero Trust approach requires elevated DNS security through the implementation of advanced threat detection capacity with user behavioral analytics (UBA).

Insight from internal DNS traffic analysis, particularly about client behavior, offers opportunity to enhance threat intelligence and filtering domains. Machine learning tools enable the detection of zero-day malicious domains (those not yet known to be malicious) and domain generation algorithms (DGAs). These options prove very useful against modern-day attacks, which are increasing in frequency and intensity; and will continue to do so as the threat environment develops with technological advancement.

Better be safe and SOAR-RY

When it comes to protecting data, DNS traffic analysis is also essential. Information is often hidden in normal network traffic during data exfiltration via DNS, so the latter often goes unnoticed by tools such as firewalls.

Measures that go beyond blacklisting to focus on contextual client behavior, are far more efficient for closing back doors to data theft and combating ransomware. Financial institutions polled in studies have cited better monitoring and analysis of DNS traffic as their top priority for protecting data confidentiality on their network. 

Other focus areas include security orchestration, automation and response (SOAR), better automation of network security policies (43% still mainly use manual processes), and sharing actionable DNS security event information with Security Information and Event Management / Security Operations Centers to help forensics, overcome breach fatigue, and ease threat remediation.

Since the proliferation of remote-working on a global scale, cyberattacks on the financial sector have surged (+238% between February and April 2020). Adopting a security-by-design framework and prioritizing DNS security are two fundamental considerations for safeguarding financial systems now and the post-pandemic era.