The DNS security firms polled 1000 senior technology and security decision makers around the globe from January to April 2018 to compile its 2018 Global DNS Threat Report.
It revealed that 77% of organizations were hit by a DNS attack in 2018, with the average firm suffering seven attacks.
DNS attacks come in various flavors, but usually involve denial of service, infecting DNS infrastructure with malware designed to take the user to malicious sites, or exfiltrating data via DNS tunneling techniques.
EfficientIP found DNS-based malware and phishing (36%) were the most popular attacks, followed by DDoS (20%) and similar lock-up domain attacks (20%), and DNS tunneling (20%).
The report clearly shows the potentially major impact DNS attacks can have on organizations: 40% of respondents claimed they suffered cloud outages, one-third (33%) were victims of data theft and 22% suffered lost business.
In the UK, 20% lost sensitive data, 15% had IP stolen, and 21% lost customers, according to EfficientIP.
The global average cost per DNS attack increased by 57% year-on-year, but in the UK the figure soared 105%, with firms paying nearly $4m annually.
An EfficientIP spokesman told Infosecurity that London’s position as a financial center may have led to the surge in attack costs.
“The research shows the cost and frequency of attacks have increased exponentially in the financial sector,” he said. “A likely explanation could be that the City is an ideal target for hackers as it provides lucrative and vulnerable targets. The TSB IT disaster is a good example of this: TSB made its customers ideal targets for phishing attacks.”
In fact, UK financial services firms faced on average eight attacks, more than any other industry, according to the report. These cost an average of £681,000 per attack, equating to around £5.4m each year.