The consequences of suffering an information security breach are well documented, and sadly the frequency with which they occur shows no sign of slowing down. Unfortunately, in the world of domain names, these criminals aren’t going away anytime soon. They’re constantly adapting and becoming more sophisticated in their attempts to exploit governmental, corporate, and consumer vulnerabilities.
In February, we saw a record-breaking number of DDoS attacks, including what Cloudflare reported as the largest attack on record. The CDN provider was hit with an attack which at its peak exceeded 71 million requests per second - 35% higher than the previous record of 45 million in June 2022.
With these threats and consequences in mind, the industry needs to up its game, stay alert and implement suitable controls to monitor and block these threats.
The far-reaching consequences of not having a robust domain strategy
DDoS attacks are not a new phenomenon but in recent years there has been an upward trend both in terms of frequency and size of attacks. As a result, criminals attempting to flood name servers with requests from multiple different sources is one of the most common attack types we see today.
At a domain level, a DDoS attack on the DNS can be catastrophic. For those brands that purely operate online, the DNS is a vital service delivery component – a critical infrastructure that must be guaranteed in terms of availability, performance and uptime. If cybercriminals attack that layer, they have the power to take down all essential services.
Twitter infamously experienced this type of attack back in 2016. The outages were the result of several DDoS attacks which affected 10s of millions of IP addresses. For two hours users trying to access Twitter were met with an error message. Users were left frustrated, Twitter’s revenue was impacted and the business’ security reputation was damaged.
The consequences for scams that involve domains are two-fold: they cause a headache for businesses and customers alike. For businesses, they can be hit with costly monetary losses and are often left to deal with angry complaints for an issue that wasn’t directly its fault. When customers are hit with interrupted services, the only place they can turn is to you – as the brand – to sort it out.
The result will leave companies to deal with huge levels of complaints on top of scrambling to reverse the impact of the attack. This will take its toll on businesses as they are forced to channel resources towards dealing with complaints and dissatisfaction.
How can you manage these changing security threats?
As CISOs, CTOs and their teams review and adjust their security policies and controls, it is a priority that key digital services, such as critical domain names, continue to operate efficiently. Even in the face of DDoS attacks, high performance and availability must be maintained.
But a business’ domain portfolio can be huge, spanning multiple jurisdictions each with its own rules and regulations. In an ideal world, brands would protect every domain, however, for many businesses this simply isn’t financially possible. This leaves businesses wondering where to start. That is why when it comes to managing domain portfolios in tighter financial times, it is about creating a strategy that balances risk against reward.
Steps organizations can take to mitigate these issues
A good place to start is to right-size the domain portfolio based on real intelligence and insight into its current health, coverage and security. To afford the most cost-effective protection, businesses need to audit their domain name portfolio to identify those assets that are deemed business critical, provide maximum value and thus warrant investment in enterprise-grade protection.
The first step to right-sizing is to ensure you partner with a domain management provider that uses a combination of automated intelligent domain monitoring coupled with expert human analysis, reporting and consultancy. No two portfolios are the same and every organization has different needs therefore the marriage of automated, customizable monitoring and human interpretation is essential to a successful audit process.
With your domain name portfolio prioritized in terms of business value, you’ll be on the right path to ensuring security policies, processes and controls are in place to provide protection levels commensurate with the criticality of these assets to your organization.
Take the DDoS attack on GitHub in 2018 as an example. In the same way as Twitter back in 2016, its servers were overwhelmed with spoofed requests which could have risked severe service disruption. However, GitHub was using a domain protection service which automatically detected the attack and triggered a process of mitigation which significantly minimized impact – in the end, the outage only lasted 12 minutes.
DDoS attacks aren’t going anywhere anytime soon. But what you can affect is how you deal with them - being aware, proactive and taking targeted action. As a minimum, we should all take the threat seriously and put in place budget, resource, processes and controls that are appropriate for your business. Those that do will not only strengthen their brand credentials, but they’ll avoid long-term reputational damage, improving their customer relationships in the long run.