DNS Water-Torture Attacks on the Rise

Written by djonon

26 November 2023


Daily DNS water-torture attacks have risen nearly 353% since the beginning of the year. The top five industries targeted include wired telecom, wireless telecom, data processing hosting, electronic shopping and mail-order companies, and insurance agencies and brokerages.

DNS Water Torture Attacks, also known as “Slow-Read” attacks or “Water Torture” attacks, are a type of cyber attack that exploits the DNS (Domain Name System) protocol to overwhelm and slow down DNS servers. These attacks are a form of resource exhaustion or amplification attack, where an attacker leverages the inherent design of DNS to cause service degradation.

Here’s a basic overview of how DNS Water Torture Attacks work:

  1. DNS Protocol Characteristics:
    • DNS is a critical protocol that translates human-readable domain names into IP addresses, facilitating internet communication. It operates with a request-response model.
  2. Attack Mechanism:
    • In a DNS Water Torture Attack, the attacker sends a large number of DNS queries to a target DNS server. However, unlike traditional volumetric DDoS attacks that aim for sheer volume, this attack focuses on exhausting server resources over time.
  3. Slow-Read Technique:
    • Instead of bombarding the DNS server with a massive number of requests simultaneously, the attacker sends a steady stream of small, legitimate-looking DNS queries. Each query requires a response from the server.
  4. Resource Exhaustion:
    • The cumulative effect of these continuous, small requests places a strain on the DNS server’s resources. Over time, as the server processes numerous concurrent connections, it becomes overwhelmed, leading to degraded performance or even service unavailability.
  5. Hard to Detect:
    • DNS Water Torture Attacks can be challenging to detect because the individual requests appear legitimate, and the attack doesn’t generate a sudden spike in traffic that is characteristic of traditional DDoS attacks.
  6. Prolonged Impact:
    • The attack’s impact is often prolonged, as the gradual resource exhaustion can persist even after the attack ceases, leading to a slower recovery for the targeted DNS server.
  7. Mitigation Strategies:
    • Mitigating DNS Water Torture Attacks involves implementing strategies to identify and filter malicious traffic. This may include rate limiting, traffic profiling, and employing DNS-specific security solutions that can distinguish between legitimate and malicious queries.
  8. DNS Anycast Deployment:
    • Some organizations use DNS Anycast deployment, distributing DNS servers across multiple locations to improve resilience and absorb the impact of such attacks.
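
The rate limiting and traffic profiling named under Mitigation Strategies, as an added example (not code from the original article): a per-second burst limit beside a per-client sliding-window profile, both run over a constructed query log. The thresholds, the window length, the function names and the documentation-range client addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds; tune them against your own resolver's baseline.
BURST_LIMIT = 50       # max queries from one client within a single second
SUSTAIN_WINDOW = 300   # profiling window, in seconds
SUSTAIN_LIMIT = 1500   # max queries from one client within the window

def build_sample_log():
    """Constructed sample data: one (unix_second, client_ip) tuple per query."""
    log = []
    for t in range(600):
        log += [(t, "198.51.100.7")] * 8      # steady stream: 8 qps for 10 minutes
        if t % 3 == 0:
            log.append((t, "192.0.2.10"))     # ordinary client: 1 query every 3 s
    log += [(120, "203.0.113.5")] * 80        # one short spike, then silence
    return sorted(log)

def burst_offenders(log, limit=BURST_LIMIT):
    """Classic spike check: clients exceeding `limit` queries in any one second."""
    per_second = defaultdict(int)
    for ts, ip in log:
        per_second[(ip, ts)] += 1
    return {ip for (ip, _), count in per_second.items() if count > limit}

def sustained_offenders(log, window=SUSTAIN_WINDOW, limit=SUSTAIN_LIMIT):
    """Traffic profile: clients exceeding `limit` queries over the last `window`
    seconds. Returns {client_ip: second at which the profile first tripped}."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, ip in log:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:            # drop queries older than the window
            q.popleft()
        if len(q) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    sample = build_sample_log()
    print("burst check flags:    ", burst_offenders(sample))
    print("sustained check flags:", sustained_offenders(sample))
```

The burst check catches only the short spike; the steady 8-queries-per-second client never trips it and is flagged only by the sliding-window profile, which is why a per-second limit alone does not cover the steady-stream pattern described above.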

Perpetrators of DNS water-torture attacks


Attributing cyber attacks, including DNS Water-Torture Attacks, to specific perpetrators can be challenging due to the nature of these activities. The anonymity and obfuscation techniques employed by attackers often make it difficult to identify their origins definitively. However, the motivations behind such attacks can vary, and potential perpetrators include:

  1. Hacktivists:
    • Individuals or groups with social or political motivations may carry out DNS Water-Torture Attacks to disrupt the online presence of a targeted organization or entity that they perceive as opposing their views.
  2. Cybercriminals:
    • Some attackers may conduct DNS Water-Torture Attacks for financial gain. By disrupting the services of a targeted organization, they may create opportunities for extortion, ransom demands, or other financially motivated activities.
  3. Nation-State Actors:
    • State-sponsored groups may conduct DNS Water-Torture Attacks as part of cyber espionage or to disrupt the operations of entities considered adversaries. Such attacks can be politically motivated and serve strategic objectives.
  4. Competitors or Business Rivals:
    • In some cases, organizations or individuals may engage in DNS Water-Torture Attacks to gain a competitive advantage by disrupting the online services of a business competitor.
  5. Script Kiddies:
    • Less sophisticated individuals, often referred to as “script kiddies,” may conduct DNS Water-Torture Attacks for the sake of causing disruption or to prove their technical skills without a specific motive.
  6. Criminal Organizations:
    • Organized crime groups may engage in cyber attacks, including DNS Water-Torture Attacks, as part of broader criminal activities, such as extortion, fraud, or intimidation.

It’s important to note that the attribution of cyber attacks is a complex process, and false flags or deception techniques are frequently employed by attackers to mislead investigators. In many cases, the true identity and motivations of the perpetrators remain undisclosed.

Security professionals and organizations combat DNS Water-Torture Attacks by implementing robust cybersecurity measures, including intrusion detection systems, traffic monitoring, rate limiting, and employing DNS-specific security solutions. Additionally, collaboration between cybersecurity experts, law enforcement agencies, and international organizations is crucial for investigating and mitigating such attacks.

DNS Water-Torture Attacks Timeline

The widespread misconception that cyber attackers exclusively target large multinational corporations can be misleading and harmful. While it’s true that high-profile cases often involve major firms with millions of customers, this doesn’t imply that small and medium-sized enterprises (SMEs) are immune to cybercrime; in fact, they are often more vulnerable.

Unlike their larger counterparts, SMEs typically operate with more constrained cybersecurity budgets. Consequently, the repercussions of attacks like DNS Water Torture can be exceptionally damaging for these companies.

One sector that vividly illustrates the impact of such dangers is e-commerce. For many companies, online stores serve as a pivotal business channel. Any disruption in service due to cyber threats could have severe economic consequences, potentially destabilizing their financial well-being. This vulnerability is particularly heightened during peak sales periods like Black Friday, when e-retailers experience surges in both traffic and sales. Therefore, fortifying website defenses becomes crucial to prevent potential outages and capitalize on sales opportunities during such periods.

Publicly traded companies also remain primary targets for attacks like DNS Water Torture. These entities hold annual shareholder meetings, and investors rely on their websites for critical information. Additionally, legal obligations require many companies to file their results publicly, making timely disclosures imperative to avoid penalties.

Even organizations engaged in more sensitive activities, such as online banks, need to guard against these threats irrespective of their size or sector. The motives of attackers can vary; they may engage in such activities to extort money from the targeted company, driven by personal or commercial interests. This underscores the importance for businesses, regardless of size, to prioritize robust cybersecurity measures to safeguard against potential cyber threats.


DNS Water Torture Attacks highlight the importance of securing critical internet infrastructure, as DNS is fundamental to online communication. Organizations must implement robust security measures to detect and mitigate various forms of DNS-based attacks, ensuring the reliability and availability of their online services.
