Jun 12, 2019

The dark side of the internet's phonebook

Photo: Justin Sullivan/Getty Images

According to a new report by the nonprofit Global Cyber Alliance (GCA), up to one-third of hacking between 2012 and 2017 could have been detected if businesses had used a more secure version of DNS — a service that operates behind the scenes to allow web browsers to work.

Catch up quick: The domain name system (DNS) works like an internet phonebook, converting the domain names users type into the numeric internet addresses that machines use.

Details: Jay Jacobs, who headed the report, worked with the researchers behind the Verizon DBIR, a thorough compendium of breach statistics, to determine that 3,668 of the more than 11,000 data breaches on file used vectors that frequently involve the use of DNS.

  • That could mean things like malicious ads loaded from other websites, fraudulent websites or malware communicating with a host through a website.
  • Given previous research on the cost of breaches cited in the GCA study, the report estimates that a DNS service that perfectly blocked sites known to be malicious could have caught as much as $19 to $37 billion of malicious cyber damage in the U.S. in 2016, or $150-$200 billion globally in 2018.

Between the lines: DNS is not traditionally used as a security tool. "It’s not a sexy control," Jacobs told Axios.

  • Most people don't know what DNS service they use. By default, most people use ones that don't filter malicious sites.
  • But free DNS services with filters do exist — including Quad9 — a service founded by GCA itself. Switching to one of these services is a relatively simple fix — just a settings change.
  • While they aren't perfect at detection, they are infinitely better than no detection. And as the DNS filters get better, so will detection rates.
  • "Moving forward, we'll hopefully see a lot of advancement in that space," said Jacobs.
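As an added illustration (not part of the Axios article or the GCA report), here is a small Python model of what a filtering resolver does: each queried name, including subdomains of a listed domain, is checked against a blocklist, and the clients whose lookups were blocked are counted so a defender can see where to look. The blocklist entries and log lines are constructed sample data.

```python
"""Blocklist-based DNS filtering applied to a resolver query log (constructed data)."""
from collections import Counter

# Constructed blocklist. A real filtering resolver such as Quad9 draws on
# much larger lists fed by threat-intelligence sources.
BLOCKLIST = {"malvertising.example", "phish-login.example", "c2-beacon.example"}


def normalize(name: str) -> str:
    """Lowercase and drop the trailing dot so 'EVIL.Example.' matches 'evil.example'."""
    return name.strip().lower().rstrip(".")


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """True if the name or any parent domain is listed: 'cdn.malvertising.example'
    is caught by 'malvertising.example', but 'notmalvertising.example' is not,
    because matching is done on whole labels rather than string suffixes."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def filter_log(lines, blocklist=BLOCKLIST):
    """Apply the policy to '<client> <qname>' log lines.
    Returns (allowed, blocked, blocked_count_per_client)."""
    allowed, blocked, per_client = [], [], Counter()
    for line in lines:
        parts = line.split()
        if len(parts) < 2:          # skip blank or malformed lines
            continue
        client, qname = parts[0], normalize(parts[1])
        if is_blocked(qname, blocklist):
            blocked.append((client, qname))
            per_client[client] += 1
        else:
            allowed.append((client, qname))
    return allowed, blocked, per_client


# Constructed sample resolver log: "<client-ip> <queried-name>"
SAMPLE_LOG = """
10.0.0.5 www.example.com.
10.0.0.5 cdn.malvertising.example
10.0.0.9 PHISH-LOGIN.EXAMPLE.
10.0.0.9 mail.example.com
10.0.0.12 c2-beacon.example
10.0.0.5 notmalvertising.example
"""

if __name__ == "__main__":
    allowed, blocked, per_client = filter_log(SAMPLE_LOG.splitlines())
    print(f"{len(blocked)} of {len(blocked) + len(allowed)} queries blocked")
    for client, n in per_client.most_common():
        print(f"  {client}: {n} blocked lookup(s), worth a closer look")
```

The per-client counts are the detection signal the report describes: a host that repeatedly resolves listed domains is the one to investigate, even though an imperfect blocklist will miss names it has never seen.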