3 ways DNS filtering can save SMBs from cyberattacks

3 ways DNS filtering can save SMBs from cyberattacks

If you’re an SMB, chances are that you’re already well-aware of the fact that cyber threats can wreak havoc on your business

Everything from rootkits to ransomwarethreaten not just financial losses, but also significant network downtime and reputational damage as well. Couple this with the fact that many cyberthreats are web-based, and you might be stuck wondering how best to secure your business online. 

That’s where DNS filteringcomes in. 

But first, DNS in a nutshell. So normally, every time your customer types in your web address, their computer makes a request to a DNS server. The DNS server, in turn, tells the computer where to go. If all goes well, then voila, your customer is at your website. 

A DNS filter stops you from accessing unsafe websites—including those posing a strong malware risk. But which web-based cyberthreats in particular does DNS filtering stop, you ask? 

In this post, we’ll break down three ways DNS filtering can help save your business from cyberattacks. 

1. Blocks phishing websites

Let’s say someone at your company gets an email from their “bank” asking them to update their password.  

Not knowing it’s a fake, this employee clicks a link taking them to a malicious website that looks exactly like the original. Your employee then fills in some  sensitive info, maybe even downloads a malicious file — and bam, just like that, criminals now have access to your network, allowing them to install malware, steal data and spread ransomware. 

You might recognize this as one example of phishing, an attack where cybercriminals trick potential victims into sharing sensitive information or giving the perpetrator privileged access to a network. 

Luckily, by blocking the domain names of phishing sites, a DNS filter can nip attacks in the bud. 

Here’s how it works: DNS filtering references databases of known nefarious domain names. Databases of malicious websites can also be sorted into threat categories, such as spyware, typosquatting, cryptomining, and so on. From there, your organization can block malicious sites like these sites to secure their environment against phishing attacks.  

In other words, if you have a DNS filter, as soon as that same employee clicks a link to a malicious website —they’re prevented from visiting it. 

2. Secures you against machine-in-the-middle attacks 

Imagine you’re at a cafe chatting with a trusted friend, sharing private details about your lives with one another. You probably wouldn’t appreciate it if some random stranger was tuning into the conversation, listening carefully to every word. 

Such a scenario roughly analogous to what a machine-in-the-middle attack(MITM, also referred to as a man-in-the-middle attack) is — except in a MITM attack, the stakes are much higher. Cybercriminals in MITM attacks can steal your personal information, passwords, or banking details by intercepting the data sent between you and an application.  

One type of man-in-the-middle attack businesses should worry about is DNS spoofing. 

In a DNS spoofing attack, a hacker sits in the middle of this process. So when the computer of that same customer makes a request to a DNS server, asking where your website is, a hacker can instead redirect your computer to a malicious website! 

From there, hackers can phish sensitive customer or business information — as described above. These types of attacks are where DNS encryption, included in any good DNS filter, is essential. It secures the connection between your computer and the DNS resolver, so that cybercriminals not sit between you and and feed you spoofed DNS entries.

3. Detects potential DDoS attacks 

The last thing any business wants is to suffer from a Distributed Denial of Service (DDos) attack

You can think of a DDos attack as being kind of like a zombie invasion. Using an army of bots called a botnet, a cybercriminal can use thousands or even millions of “zombie” computers to flood your website, ultimately overloading it and bringing it down. 

The end result? Brand damage, angry customers — and ofteneven lost revenue

One type of DDos attack is called a DNS flood, where the cybercriminal uses their army of bots to overwhelm a DNS server and prevent it from directing legitimate requests to your website. 

And, as is the case with most cyberthreats, the earlier you spot a potential DNS DDos attack, the better. Being able to continuously monitor DNS activity is a great way to catch the warning signs of a DNS DDoS attack — and with a DNS filter, you can do exactly that. 

Protect your end users and your organization from web-based threats 

The web is full of dangerous corners.  

It’s a breeding ground for phishing attacks, spyware, common viruses and malware, not to mention ransomware. And as these attacks continue to increase in frequency and sophistication, it’s never been more important for SMBs to secure themselves online.  

But while having a DNS filter is great way to do that, many small and mid-size organizations don’t invest in one — leaving them exposed. 

Malwarebytes DNS Filtering is apart of our EDR solution, which prevents, detects, and responds to ransomware, malware, trojans, rootkits, backdoors, viruses, brute force attacks, and “zero-day” unknown threats so you can avoid business disruption and financial loss. 

Complete cyberthreat protection starts here


Bill Cozens

Content Writer

Bill Cozens is content writer for the Malwarebytes business blog, where he writes about industry challenges and how best to address them.