How Telcos Overcome Rising DNS Attacks

Telecommunication operators control and run the critical infrastructure vital for communicating and storing large amounts of sensitive data. This makes them an obvious major target for cyber attacks, frequently using DNS as an attack vector to cause devastating impacts on internet connectivity and data confidentiality. According to a recent IDC security report, Telcos are the 2nd most targeted vertical, with 94 percent of them suffering DNS attacks. Other reports estimate each DDoS attack carried out through DNS costs over $220,000 an hour, excluding subscriber defection and brand damage.

But on the flip side, DNS also provides valuable insight to help ensure service continuity. The IDC report expands on this, offering valuable nuggets on how to use DNS as a key component of your security posture.

Telcos are at high risk for DDoS, data theft, and more

CSPs and ISPs must provide reliable, always-on internet connectivity to safeguard their reputation. They are heavily reliant on DNS as an essential connectivity component, so protecting DNS should be a no-brainer. Disruption to DNS servers means subscribers are cut off from the Internet and unable to access critical IT applications including email, websites, and VoIP. The average damage cost of a DNS attack on telco networks is estimated to have risen from $997k in 2021 to $1.16M in 2022, with some attacks costing over $5M (from IDC 2022 Global DNS Threat Report).

As the DNS protocol is easy to exploit for attacks such as DDoS or DNS hijacking, cybercriminals see it as a favorite target. The IDC Threat Report found that more Telcos suffered DDoS attacks than any other industry (37% vs an average of 30%), and a recent ENISA Telecom Security Incidents Report calculated that the general increase in DDoS attacks caused a loss of 55 million user hours last year.

Sensitive data is another high-impact target for bad actors confirmed by IDC’s report, showing that one in four (26%) CSPs are victims of data theft via DNS. Telcos routinely store personal information (names, addresses, email, credit card details…) about their subscribers, opening up risks of ransomware, customer extortion, or even financial theft.

Why including DNS in your security armor is a must

For protecting different aspects of their infrastructure, the array of tools adopted by telcos (IPSs, firewalls, etc.) does a fairly good job. However, they lack DNS understanding or visibility so become ineffective against certain DNS threats (Data exfiltration via DNS, for example, goes unnoticed by firewalls), meaning CSPs only become aware of attacks when their customers complain about slow network performance or other degradations.

What’s even more worrying is that the techniques used by CSPs and ISPs against DNS threats are still not adapted to ensure continuity of service: 27% shut down the DNS server or service, 33% disabled the affected apps, and 25% shut down part of network infrastructure. By using a purpose-built DNS security solution incorporating adaptive countermeasures, telcos would be able to keep their services going, quarantining suspicious activity while allowing legitimate queries to continue. Some good news though, is that telcos are starting to realize the importance of DNS, with 75% viewing DNS security as being critical for their network, and 61% stating that monitoring and analysis of DNS traffic is their top method for preventing data theft.

Within a service provider’s network, two critical areas which need protection are authoritative DNS servers and DNS caching servers. The authoritative DNS servers respond to DNS queries and connectivity requests from their customers, enabling web presence, e-commerce functions, and mobile IP connectivity. The DNS caching layer is important for responding rapidly to DNS queries ​​and limiting traffic recursing to the authoritative servers, in particular for commonly accessed websites, to ensure a good user internet experience.

DNS brings important value to IoT, Cloud, and Remote Workforce

The IDC report found that DNS is perceived as being important for IT initiatives. However, only 49% of telcos see the value of DNS for IoT security, which is below the average across industries. Considering the steep rise of connected devices associated with 5G networks, this is perhaps an area to look further into.

Importance of DNS Security for Remote Workers, Cloud, & IoT Deployments

How EfficientIP helps put IDC security recommendations into practice

Telcos are amongst the most targeted industries, so need a defense strategy that proactively protects their customers’ data while ensuring that vital services and apps are always available. As service providers accelerate slicing as part of 5G, IoT, and edge, they will no doubt benefit from heeding the three key IDC network security recommendations, which rely on using DNS as the first line of defense:

1. Prevent lateral movement of threats by creating an early security barrier
2. Enhance Shadow IT detection to reduce the risk of new vulnerabilities
3. Speed up threat remediation by improving NetSecOps collaboration

To stop threats from spreading, EfficientIP carrier-grade DNS security solutions offer a security barrier at the earliest point in the traffic flow, by combining threat intelligence with behavioral client analysis, making use of deny listing and allow listing. This becomes possible thanks to DNS Guardian’s rapid response time concerning unknown attack sources and malware traffic. DNS Guardian can consequently help enhance access security for IoT as well as on dedicated slices for enterprises. In addition, specific business filtering such as parental control or anti-malware filtering close to the user’s device is made possible using DNS Firewall’s advanced DNS filtering functionality. The IDC Report backs this up, showing that 87% of telcos see good value in using client query filtering using DNS domain deny and allow lists for improving access control to vital apps and infrastructure.

DNS’s visibility over almost all traffic intent makes it ideally placed to detect suspicious activity, and adding behavioral analytics on traffic offers an easy low-cost solution for handling Shadow IT. Lastly, SOLIDserver DNS contributes to enhancing NetSecOps collaboration by automatically sending DNS security events to SIEMs and SOCs, helping to simplify and accelerate remediation.

So in conclusion, in an era where the impacts of DNS attacks are rising sharply, leveraging a smart DNS security solution can greatly assist the telecoms industry to protect the sensitive data of their customers and subscribers, maximize the uptime of services and apps, and ultimately deliver on 5G. To evaluate your current security posture and receive advice on areas to improve, we invite you to try our free DNS Risk Assessment.