DNS reflection attacks – are we better prepared six months after Spamhaus?

Back in April, we conducted a survey about DDoS and DNS reflection attacks following the now legendary Spamhaus attack, the largest attack of its kind. The results were fascinating; very few (10 per cent) of the people we spoke to were able to describe a DNS reflection attack and only 11 per cent were confident that their day-to-day business operations would not be affected by a DDoS attack on their systems.

In late September, at Gartner’s Security and Risk Management Summit in London, we surveyed 31 respondents from some of Europe’s largest organisations in order to ask some of these questions again and see how far we’ve come in the six months after Spamhaus.

Immediately, we can see that there is greater awareness of how the DNS reflection attack vector works, with almost a quarter of respondents (24 per cent) claiming to be able to give an accurate description of how DNS reflection and amplification attacks work – up from just one in ten in our previous survey.

In fact, at least 92 per cent of those we asked had at least a general understanding of the threat. This is a significant improvement and a sign that the learnings from Spamhaus are filtering through.

Worryingly though, we haven’t seen much movement in how well prepared most businesses are. Just one in eight (12.5 per cent) of respondents would be completely confident that their day-to-day operations would not be disrupted by a DNS reflection attack.

This is just marginally up from April when 11 per cent of respondents were fully confident, meaning that 87.5 per cent would not be completely confident that their mitigation strategies would be effective.

Interestingly, the top three risks highlighted by respondents remained the same – impact on customers (67 per cent), reputational damage (63 per cent) and data loss (41 per cent).

Revenue loss was only a primary concern of around a fifth of those surveyed (22 per cent), about twice as many as in the aftermath of Spamhaus. This shows that DDoS is primarily seen as a nuisance to customers but that there is also a growing awareness of the financial risks involved in services being knocked offline.

These findings suggest that while most people are better informed, few are better prepared for an attack. Unless this knowledge is translated into better IT security the chances are that we will continue to see DDoS attacks having a significant impact on businesses.

Forewarned is forearmed, but only if we take heed of the lessons.