Sure is tempting to click on, isn’t it? Remember, not all threats come in through phishing.
First off, who are the threat actors?
You have individuals/script kiddies. Sounds lame? It is the worst because even though they aren’t particularly sophisticated and they use script and spray and pray as many targets as they can. The fact that easily available tools are there for them to use just shows how simple this all is.
Then you have criminal organizations that were classified as being, medium sophistication. While they leverage scripts, they can be incredibly targeted. They also may have their own development staff to help modify and improve the tools. In many cases even state-sponsored. The difference is that the motivation is money.
Finally, you have the state actors. Either directly with places like North Korea doing direct attacks to generate revenue for the state, semi-sponsored groups that operate safely inside some states as long as they don’t attack their home country and states themselves looking to destabilize other places.
The impact is huge. The presentation cited a recent U.S. DoJ report about an organizer in a hijacking group that compromised tens of millions of debit and credit cards and caused billions in damages. Yes, that is one bad actor with a result that has a “B” in the dollar amount. In the U.S. alone, the Internet Crime Report published by the FBI showed that in 2020 reported crimes totaled $4.2 billion in losses up from $700 million in 2019 – and that is just what was reported.
This is evident in the types of attacks. Phishing/vishing/smishing and pharming has taken off exponentially while other forms of attack, while also growing are doing so more linearly.
In short, whatever one does, one should always prepare for the worst. With defence in depth, every possible measure should be taken to reduce cyber-risk and DNS blocking is classic way to reduce risk.