show image

The cost of DNS attacks on British businesses has doubled in a year

The cost of domain name system (DNS) attacks on British businesses rose by more than 105 per cent over the last year, with the average strike leaving firms £650,000 out of pocket, new research suggests.

A global survey of 1,000 IT leaders by DNS security specialists EfficientIP indicates that major British businesses were hit by more than eight DNS attacks during the last 12 months, amounting to a total of £4.6m per firm.

The cost of an average attack rose at a faster rate in the UK than in any other country surveyed, although the average cost was lower than in France (£723,000) and Germany (£672,000).

DNS attacks typically involve hackers luring victims to malicious sites by injecting malware into the domain name system, which serves as an address book for the web.

Commenting on the research, EfficientIP’s CEO David Williamson said: “The frequency and financial consequences of DNS attacks have risen and businesses are late in implementing purpose-built security solutions to prevent, detect and mitigate attacks.”

Two-in-five organisations suffered cloud outages, a fifth had lost business and a third were victims of data theft as a result of the attacks, according to the survey.

Last September, Icann, the US administrator that manages the DNS, put plans to update the security of the system on pause after it emerged that the move could sever internet access for tens of millions of people.

The organisation had planned to update the cryptographic keys for secured domain names on 11 October. But while it had been distributing the new keys for months, its researchers found that some internet service providers were not ready to deploy them.

In December, Icann pushed back the rollover date again, saying it would not be able to carry out the process in the first quarter of the year. In February, it published plans to start the rollover in October, a year after it initially intended to do so.