12 Cyber Threats of Christmas – Domain Name Attacks

In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.

Some may be known to you, whilst others, may seem a little more out of the box.

On the fifth day of Christmas, our cyber threat is:

Domain Name System (DNS) Attacks

In the first quarter of 2017, over 330million domain names were registered. Since then registrations have increased to the tune of 3.7% each year.

A domain is essential for any business. It allows you to communicate with customers via email and have a website where you publish content, enabling people to find you on the web.

Domains can be purchased and registered with a number of registrars. However, once a business stops paying for a domain name, and the grace period is over, that domain is then up for grabs for anyone to buy and re-register.

A hacker would be able to search and see which domains are up for grabs, re-register them, find previous emails registered in that domain and reset passwords for a variety of accounts including social media which could then give them unlimited access to even more sensitive files and data.

Recent research conducted by EfficientIP, has revealed that global Governments lose approximately $7m to domain name system (DNS) attacks every year.

This figure is the most amount of money lost in any sector.

When it comes to domain name attacks, what steps can I take to keep my business secure?

Here are some steps you can take to protect your business from this type of threat:

  • Continue to pay for unused domains. It may seem like a silly idea, but it’s a small price to pay in comparison to the damage that can be done if you don’t. DMARC services can ‘park’ the domain so that it can’t be used
  • Use 2 factor authentication where possible
  • Close user accounts that used business emails on services like Dropbox, LinkedIn etc.
  • Unsubscribe from email notifications that may contain sensitive data
  • Advise your customers to update their address book

Missed Day 4 which focused on Password Hygiene? Fear not, you can read it here.