10,000 Attacks Reported by Microsoft Show Importance of DNS Security

In today’s digitally driven age, the abundance of new technology has brought forth a plethora of new opportunities and benefits, but also drawbacks.

The most notable drawback is the rise of cybercriminal activity, with hackers growing in speed, volume, and, most dangerously, sophistication. Most cyber attackers, however, still go through employees, with 80 percent of the breaches involving web browsers on mobile/desktop, and 85 percent of the breaches involving a human element. This has made cybersecurity a top priority for enterprises as they look to bolster their cyber defenses.

Recently, Microsoft reported a massive phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process even if the user had enabled multi-factor authentication (MFA). This campaign has attempted to target more than 10,000 organizations since September 2021.

“In this attack, hackers deploy a proxy server between a target user and the website the user wishes to visit,” said Osman Erkan, Founder and CEO of DefensX. “In other words, this setup allowed the attacker to steal and intercept the target’s password and the session cookie that proves their ongoing and authenticated session with the website, allowing them to bypass MFA. This is a very serious issue, and one of the challenges we built our technology to address.”
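A defender's view of the session-cookie theft described above, as an added example that is not from Microsoft's report, DefensX, or this article: it scans sign-in and request events and flags a session cookie presented by a different client than the one that completed MFA. The event schema, field names, and sample values are constructed assumptions.

```python
# Added example: flag a session cookie used by a client other than the one
# that completed sign-in (a token-replay signal after an AiTM phish).
# Assumed, constructed log schema: (ts, session_id, event, ip, user_agent)
SAMPLE_EVENTS = [
    (1000, "sess-A", "signin_mfa_ok", "198.51.100.7", "Chrome/103 Windows"),
    (1060, "sess-A", "request",       "198.51.100.7", "Chrome/103 Windows"),
    (1500, "sess-A", "request",       "203.0.113.44", "python-requests/2.28"),
    (2000, "sess-B", "signin_mfa_ok", "192.0.2.10",   "Safari/15 macOS"),
    (2300, "sess-B", "request",       "192.0.2.10",   "Safari/15 macOS"),
    (2400, "sess-C", "request",       "203.0.113.44", "curl/7.84"),
]


def find_replayed_sessions(events):
    """Return (ts, session_id, reason, ip) for each suspicious cookie use."""
    origin = {}   # session_id -> (ip, user_agent) recorded when MFA succeeded
    alerts = []
    for ts, sid, event, ip, ua in sorted(events):
        if event == "signin_mfa_ok":
            origin[sid] = (ip, ua)
            continue
        if sid not in origin:
            # Cookie presented with no sign-in on record for that session.
            alerts.append((ts, sid, "no_signin_seen", ip))
            continue
        o_ip, o_ua = origin[sid]
        changed = [name for name, now, then in
                   (("ip", ip, o_ip), ("ua", ua, o_ua)) if now != then]
        if changed:
            alerts.append((ts, sid, "_and_".join(changed) + "_changed", ip))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

An IP change alone also happens on mobile networks and VPNs, so treat these alerts as a trigger for re-authentication or session revocation rather than as proof of compromise.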

DefensX's software solutions claim to eradicate risk from web-borne threats, making sure users are safe working anywhere, on any network, and on any device, including desktops, laptops, and smartphones, and on all major operating systems, including iOS and Android.

“Along with new practices by attackers, MFA also still allows for simple mistakes on the user’s end to be the breach point for hackers,” Erkan said. “Some workers are overcome with what’s known as MFA fatigue, or an overload of notifications or prompts via MFA applications, in multiple accounts. Power users can receive dozens of these messages each day, requiring them to use multi-factor to perform logins or approve different actions. What our research has found is that this leads employees to start setting security best practices aside and become careless, putting their organization and their accounts in danger of compromise. DefensX bundles Remote Browser Isolation, Zero Trust File Protection, and Zero Trust Credential Exposure functionalities for secure remote work, and we make it extremely easy to use, without slowing down productivity.”

DefensX sells through MSPs and MSSPs, and through cloud marketplaces such as Pax8. With the pure-cloud DefensX solution, service providers can easily bundle their own security services, and boost their revenue base.

With such a variety of attacks – from phishing, malware/ransomware, zero-day attacks, and web-borne threats – it is critical for MSPs to begin adopting and leveraging all the tools at their disposal to combat threats. Among the most notable tools MSPs are starting to use in the fight against hackers are Secure Access Service Edge (SASE) solutions.

SASE, along with its combined package of technologies such as SD-WAN, Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), helps greatly improve an enterprise's cybersecurity. Across these technologies, SASE can identify sensitive data and malware, decrypt content at line speed, continuously monitor sessions, and assess risk and trust levels.

“Small, medium and large enterprise tools are now available and billed as an affordable, monthly subscription,” Erkan said. “With DefensX's Multi-Tenant Cloud, service providers can serve many of their end-customers in a very cost-efficient and profitable way. Service providers can easily bundle their existing services with DefensX's eSWG, eCASB, RBI, local-isolation, credential exposure protection, and SaaS access protection features while offering their clients an additional line item.”

The benefits provided to MSPs who leverage SASE solutions are bountiful, improving multiple parts of their cybersecurity offering to customers. For example, SASE solutions add zero-trust security to an MSP’s cybersecurity portfolio.

Zero-trust enforces access policies based on specific context—including the user's role and location, their device, and what data they are requesting—to block inappropriate access and lateral movement throughout a data environment. On top of this, with zero-trust endpoint security, data and networks can even be safely managed with employees spread out working remotely. Endpoint security products secure and collect data on the activity that occurs on endpoints, while network security products do the same for networks.

“SASE solutions are enriched when MSPs add Domain Name System (DNS) protection to their portfolio,” Erkan explained. “DNS security protects DNS infrastructure from cyberattacks in order to keep it performing quickly and reliably, incorporating a number of overlapping defenses, including establishing redundant DNS servers, applying security protocols like DNSSEC, and requiring rigorous DNS logging. Like many Internet protocols, the DNS system was not designed with security in mind and contains several design limitations.”

These limitations, combined with advances in technology, make DNS servers vulnerable to a broad spectrum of attacks, including spoofing, amplification, DoS (Denial of Service), or the interception of private personal information. And since DNS is an integral part of most Internet requests, it can be a prime target for attacks, making DNS protection critical in today’s world.




Edited by

Erik Linask