Skip to content

DNS Threat Intelligence for Telco Networks

The 2023 IDC Threat Report shows 94% of Telcos suffer DNS attacks, each costing $1.2M. At the same time, DNS Threat Intelligence offers a way to evolve to proactive defense. Learn how smart DNS security enhances ransomware detection, data protection and service uptime.

November 7, 2023 | Written by: Surinder Paul | , ,

Cyber Threat Intelligence Dns Threat Intelligence Idc 2023 Global Dns Threat Report

Telecommunications is everywhere, enabling businesses across all industries to collaborate, and employees to communicate. Compounded by 5G and IoT, telcos manage increasingly complex infrastructures and store a large amount of sensitive data. It’s therefore no wonder they are the highest attacked vertical, as confirmed by IDC’s 2023 DNS Threat Report. From personal use to government level, proactive protection of telco networks is critical. For this, insights gained from DNS Threat Intelligence are now recognized as being foundational.

Ever-Evolving Networks Increase Threat Potential: DNS Plays a Critical Role for Mitigation

Networks of today’s communications service providers (CSPs) now span private, public and hybrid clouds, incorporating Multi-access Edge locations. Consequently, the potential for security threats has increased dramatically. The expanding number of access points resulting from widespread deployment of devices outside the traditional datacenter has created a huge threat surface exploitable by cybercriminals. Any service failure or data breach resulting from a cyberattack causes substantial reputational as well as financial damage. 

On top of endpoint protection, security teams are required to overcome blind spots, minimize false alerts, proactively identify areas of risk, and execute investigation and response activities in a timely manner. For that, they require expanded visibility in order to identify modern threats, simplify investigations, and accelerate efficient incident response.

Smart DNS security plays a critical role for the above aspects, helping enable better threat mitigation. Every internet communication begins with a DNS request, and malware relies on DNS for communications. With this superior visibility over network traffic, DNS therefore becomes your natural first line of defense, offering an opportunity to detect, very early, threat activity missed by other solutions. Even evasion techniques such as tunnels, lookalike URLs, or Demand Generation Algorithms (DGA) are able to be exposed. Adding DNS-centric threat intelligence and analytics to a DNS server allows blocking of resolution or connection to websites known to be hosting malware. Additionally, data exfiltration over DNS can be stopped at the source.

Rising Frequency of DNS Attacks Enhances Risk of Service Downtime and Customer Churn

Amongst the key challenges faced by telcos and ISPs today are ensuring secure data transmission and preventing unauthorized access. The distributed, remote workforce, together with IoT device explosion brought by 5G, have significantly increased the attack surface. So network security has unsurprisingly become the top investment priority for telcos, now involving many elements, not least of all DNS. Once DNS is compromised, cybercriminals can use it as a vector to launch attacks, extract data, disrupt services and cause extreme financial damage.

The latest IDC Threat Report offers some alarming stats, showing that 94% of CSPs are victims of DNS attacks, each suffering on average 7.9 attacks per year. The average cost per attack is $1.2M, the 2nd highest,  behind only the finance sector. 

The main attack types used against telcos include:

  • Phishing 49%
  • DDoS 40%
  • DNS Tunneling 37%
  • Ransomware 36%

Impacts of DNS attacks have proven to be very severe, ranging from application downtime, Cloud service downtime and data theft, to brand damage. With the numbers rising year after year, it’s really time for telcos to take action if they want to avoid service downtime or prevent customer churn. Many of the current defenses being used, such as shutting down the DNS service or disabling affected apps, are inappropriate. In addition, the lack of automation for management of network security policies is worrying. 38% still use mainly manual processes for this, leading to inaccurate or inconsistent policy deployment, as well as inefficiency. 

Fortunately some good initiatives are also being taken. 53% of telcos add filtering rules on DNS servers to block requests on specific DNS records, and 44% make use of auto remediation from a security solution. 

Protect against Ransomware and Data Theft with DNS Analytics and DNS Filtering

By leveraging purpose-built DNS Security which delivers automatic monitoring, service providers can take an important step towards proactive threat detection. Analysis of DNS traffic helps identify unusual patterns of traffic, unveiling for instance unknown (zero-day) malicious domains being used by ransomware for data exfiltration. Unfortunately, only 43% of telcos are currently using DNS Security for Ransomware protection, far below the average of 54% across all industries.

In addition, DNS filtering is an effective way to thwart an attack before it causes any damage. Access to known malicious domains is blocked,  thus preventing ransomware from communicating with its command and control (CnC) servers. DNS filtering also enables blocking of access to known phishing sites, which helps prevent ransomware attacks being initiated in the first place.

Why DNS Threat Intelligence is a Cornerstone of Network Security

Threat intelligence has emerged as a pivotal aspect of cybersecurity defense, with 61% of telcos considering it a vital component of their strategy to defend against cyberattacks. For developing their attack, 85% of malware use DNS, making specialized DNS Threat Intelligence a foundational component of an effective security strategy for any organization. 

Disappointingly, DNS data is being severely underutilized by CSPs. 43% of telcos perform no analysis on their DNS data, and only 14% use it today for Threat Intelligence. This is the lowest number across all verticals.

A DNS feed is a key component of DNS Threat Intelligence – as stated by IDC in the report: “For an effective threat intelligence strategy, making use of a DNS threat intelligence feed is a no brainer”. By implementing and offering this proactive level of defense benefiting from the latest developments in AI/ML, telcos can meet growing customer demand for better protection against phishing and malware. Greater filtering capability for usages such as parental control is also made possible. This will help improve customer satisfaction, while contributing to compliance with security regulations.

Advanced DNS Protection for Service Providers Maintains Service Availability: DNS Threat Intelligence is Key

Service degradations and outages, caused for example by DDoS attacks targeting DNS infrastructure, are a significant cause of subscriber churn. Among the security tools available to telcos, nothing is as cost-effective as DNS. EfficientIP is a leader in DNS security with its secure DNS caching, real-time analytics, behavioral threat detection, adaptive countermeasures, and massive volume of DNS intelligence data. 

Valuable security event information and contextual data can be automatically shared with multiple vendor platforms such as NAC, SIEM or SOAR tools. Consequently, SecOps efforts are significantly reduced, resulting in simplified, accelerated remediation.
EfficientIP’s smart DNS Security solutions for CSPs help maintain service availability and performance to enhance UX and customer loyalty. Without a doubt, leveraging SOLIDserver DNS Security will help you move smoothly from reactive to proactive defense.

Want to learn more?

Discover how to strengthen your security posture by leveraging DNS!