Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

In the two years since Dyn went dark, what have we learned? Not much, it appears

DNS infrastructures still vulnerable to attacks

John Leyden Thu 11 Oct 2018  //  13:06 UTC

The majority (72 per cent) of FTSE 100 firms are vulnerable to DNS attacks, nearly two years after the major Dyn outage.

Today the web was broken by countless hacked devices – your 60-second summary

READ MORE

A similar three in five of the top 50 companies listed in the Fortune 500 are also ill-prepared for an attack similar to the Mirai botnet-powered assault against Dyn that left much of the web unreachable in late October 2016. A large minority (44 per cent) of the top 25 SaaS providers are also vulnerable, according to stats from a DNS Infrastructure Performance Report by security firm ThousandEyes published Wednesday.

DNS acts like a phone book for the internet, translating domain names that humans understand, such as Google.com, to internet addresses that computers and network routing equipment can process.

Cricket Liu, chief DNS architect and senior fellow at Infoblox, told El Reg that he didn't think "there was much evidence" DNS security had improved in the two years since the Dyn attack. "It hasn't gotten any easier to use multiple authoritative DNS providers, for example (say Dyn plus Verisign or Neustar). Being able to use multiple providers would make a big difference," he said.

ThousandEyes DNS best practices are not widespread in major enterprises and SaaS providers, leaving many organisations vulnerable as a result.

Cloudflare, Google and OpenDNS rated as the top public DNS performers in ThousandEyes' study. Top providers varied by region and country. In the UK, Level 3 had the best performance, followed by Google and OpenDNS while Google was the top dog in the US.

ThousandEyes found that DNS performance was highly variable among different public resolver providers and managed providers across various regions and countries. Countries known to interfere with the "free and open" running of the internet (e.g. China and Russia) create "DNS performance variations", according to ThousandEyes.

DNS selection affects how a company's application or service performs so organisations need to ensure they are building on a firm foundation.

ThousandEyes' report is based on data collected over 30 days — between 19 August and 19 September 2018 — which resulted in more than 15 million data points. The state of DNS resilience among major enterprises and SaaS providers was also collected.

More details on the study and its methodology can be found here. ®
Send us news
26 Comments

Feline firewall woke developer to declaw DDoS disaster

System alerts were pinging but cat had no way of knowing what was happening

Row breaks out over true severity of two DNSSEC flaws

Some of us would be happy being rated 7.5 out of 10, just sayin'

Some 300,000 IPs vulnerable to this Loop DoS attack

Easy to exploit, not yet exploited, not widely patched – pick three

Nominet to restructure, slash jobs after losing 'major deal'

Prices also set to rise after being frozen since 2020

French government sites disrupted by <i>très grande</i> DDoS

Russia and Sudan top the list of suspects

Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC

'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge

NKabuse backdoor harnesses blockchain brawn to hit several architectures

Novel malware adapts delivers DDoS attacks and provides RAT functionality

DDoS-like attack brought down OpenAI this week, not just its purported popularity

Plus: Lab launches dataset sharing initiative for its own benefit

Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks

Zyxel zero days and nation-state actors (maybe) had a hand in the sector’s worst cybersecurity event on record

HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet

Botnet storm drowned last record with 398 million requests per second

Huge DDoS attack against US financial institution thwarted

Akamai reckons traffic flood peaked at 55.1 million packets per second

Mirai reloads exploit arsenal as botnet embarks on another expansion drive

With 13 new payloads it's the biggest update to the botnet in months