How DNS Security Protects the Most Targeted Industry: Telecoms

The past year has only increased the pressure placed upon the telecoms and media industry as companies continue their transition to the hybrid working model post pandemic and organizations continue to implement 5G. The rise in demand has left mobile operators and ISPs increasingly prone to threat actors using DNS to target the industry. The impacts of these cyber threats are felt globally, as telecoms provide the infrastructure needed to go about our daily lives, from our work to our private conversations. Smart DNS security therefore becomes a “must have”.

The scale of telecoms infrastructure means the attack surface area is one of the largest out of all industries, owed to the fact that the industry manages large DNS servers to provide users around the world with the means to communicate instantly and at scale. It’s not only the size of the industry that makes it an increasingly popular target for threat actors. The sensitive information and contact details about users and customers that the telecoms industry stores make it an obvious focus for those aiming to sell or misuse customer data.

The immediate threat of DNS for telecoms

Our 2021 DNS Threat Report with IDC revealed that out of all the industries surveyed, telecoms experienced the highest number of DNS attacks, experiencing on average 8.59 attacks over the past year. The industry also has the second highest financial cost of attack out of all respondents at an average of almost $1M per attack ($996,890).

But it isn’t only the financial costs that have a detrimental impact on the industry. Telecoms was the most likely industry to have customer information stolen, with over a quarter (29%) of the organizations surveyed reporting they had experienced stolen sensitive customer data as a result of a DNS based attack. DNS attacks also led to cloud service downtime (50%) and application downtime (51%), which affect service continuity. The loss of trust and reputational damage resulting from data breaches and service downtime can easily lead to customer churn and thus impact the company’s success.

The telecoms industry appeared to be more prone to certain DNS attacks, being the most likely industry to experience a DDoS (Distributed denial-of-service) attack with 36% of telecoms surveyed having experienced one within the past year. The industry was also the most likely to suffer a DNS based malware attack (46%), and phishing was also extremely high at 49%. These attacks proved difficult to mitigate, taking over four and a half hours per attack – 30% of those surveyed in the industry said they lost business and brand damage as a result.

Protecting subscribers, apps and data using DNS

Although the industry may already be taking the first steps in tackling the above issues – 82% of telecoms surveyed reported DNS security to be critical to them – these thoughts must be met by suitable action if the risks are to be successfully alleviated. When faced with a DNS attack, 47% shut down the DNS server, while 38% disabled the affected applications. These responses lead to services and apps becoming unavailable, so should really be replaced with more adaptive countermeasures.

On the positive side, telcos seem to be keen to adopt zero trust strategies to protect their users, apps, and data, with 78% stating they are either running, implementing, or planning zero trust. DNS can be considered as a key component for enabling zero trust. It has visibility over pretty much all internet traffic, so analytics data from a purpose-built DNS Security solution can help power a Security Orchestration, Automation and Response (SOAR) platform. DNS can also be vital in helping to resolve any security holes which can be left by an intrusion prevention system (IPS) or firewall. In addition, businesses should look to couple DNS with other security components including Data Loss Prevention (DLP) and Network Access Control (NAC) to ensure they are better protected from data breaches.

How EfficientIP can help 5G and IoT rollout

As well as helping simplify architecture, EfficientIP’s high-performance DNS servers with built-in security features bring value for mitigating DDoS attacks, improving access control to apps and infrastructure, protecting end users, and safeguarding data.

By making use of DNS as their first line of defense, telecoms can be sure they are detecting threats earlier and acting on these before the lasting damage has occurred. The DNS service is vital for any IP and internet communication. It handles connection intent between a user and an application server, by resolving the name to a technical IP address. This excellent viewpoint allows DNS to provide a first layer of security, allowing abnormal access requests to be filtered out.

Using the DNS security natively provided by our patented DNS Guardian solution, EfficientIP can help 5G providers enhance their access security on dedicated slices for both enterprises and IoT/ V2V.

This security barrier, which appears at the earliest point in the traffic flow, is made possible by combining threat intelligence with behavioral client analysis, making use of blacklisting or whitelisting capability down to the individual client. This is made possible thanks to the quick response time of the Guardian on unknown attack sources and malware traffic. By extension the advanced filtering function available at the DNS level, in the DNS Firewall solution, allows specific business filtering such as parental control or anti-malware filtering close to the user’s device.

In the Threat Report, 77% of telcos surveyed stated that they believe client query filtering using DNS domain deny and allow lists are highly valuable for Zero Trust, as they improve access control to vital apps and infrastructure. New revenue-generating premium offers consequently become available to operators, bringing simple ways to gain competitive advantage.

Lastly, for offering end user protection, SOLIDserver DNS servers are able to secure integrity of any answer using the DNSSEC solution. This can be critical for healthcare devices (to avoid confidential data breaches), for IoT (to avoid DDoS attacks), and for connected vehicles (to avoid hijacking). In addition, SOLIDserver DNS servers can also allow ciphering of the data traffic between the connected device and its first resolver through DNS over TLS (DoT) or DNS over HTTPS (DoH).

Being the most targeted industry, telecoms organizations must employ a defense strategy that proactively protects its business and prioritizes the safety of its customers’ data. As organizations continue to make use of 5G, IoT and edge, telecom providers should look to DNS as the first line of defense to stop the spread of attacks. By utilizing a smart DNS based solution, the telecoms industry can uphold its reputation, deliver on 5G and ultimately improve its bottom line.