Telcos most frequent target of DNS attacks

EfficientIP has published data revealing that the telecommunications & media sector is the most frequent victim of DNS attacks. According to the IDC 2020 Global DNS Threat Report, organizations in the sector experienced an average of 11.4 attacks last year, compared to 9.5 attacks across industries.

Overall, more than four out of five (83%) of service provider organizations experienced a DNS attack. In addition to being well above the overall average of 79%, a successful attack on telecommunications providers can have especially far reaching consequences as outages may affect customers in a wide variety of sectors relying on 24/7 availability of networks. As well as a high attack frequency, telecommunications providers also tended to experience costlier attacks with over 8% of organizations stating that they had suffered damage costs of over $5 million as a result of a DNS attack.

The most common attack types used by hackers were phishing attacks (37%), DNS-based malware (33%), DDoS attacks (27%), lock-up domain attacks (22%), which may cause DNS resolvers to exhaust their resources, as well as DNS amplification attacks (21%) which can result in the break-down of company networks potentially causing serious economic damages and disruptions.

Successful DNS attacks commonly resulted in in-house application downtime, experienced by 60% of organizations and cloud service downtime, which was reported by 54% of telcos surveyed. As previous outages have shown, service disruptions can result in both severe brand damage and customer churn as dissatisfied subscribers of telecommunications providers may switch to competitors with a more reliable network. The report indicates that a quarter (25%) of providers experienced brand damage while almost a third (31%) reported a loss of business. Lastly, for 18% of telcos, DNS attacks resulted in the theft of sensitive customer info. This is especially concerning since a large amount of customer information is at the mercy of the network which is trusted to perform at the highest levels.

While a large share of respondents implement comparatively blunt countermeasures to mitigate attacks, with 60% of organizations shutting down affected processes and connections and 55% disabling applications, effective solutions and strategies are starting to be implemented. This includes Zero Trust strategies which 75% of companies are either planning, piloting or already running. Other improvements include automation of security management policies - currently adopted by 59% of telcos - and passing of valuable DNS event information to SIEM and SOC (Security Operations Center) for helping simplify threat detection and accelerate remediation.

Considering the high frequency of attacks, telecommunications providers are increasingly acknowledging the important role DNS security plays in maintaining service continuity: 77% of organizations see DNS security as integral for their business. Ronan David, VP of Strategy, Business Development and Marketing, EfficientIP, noted: “With COVID-19 having caused a large-scale shift to remote work, telcos rely more than ever on a stable network availability and the high capacity needed to serve customer’s requests as quickly as possible. A successful DNS attack can have far reaching consequences – not just for the affected provider but also for its customers experiencing disruptions and outages. An effective DNS security architecture is key to fend off attacks and avoid downtimes.” 

With 5G rollouts becoming more and more frequent, telcos would do well to prioritize DNS security as part of their overall security architecture. Next to “Zero Trust” strategies, companies can also augment their threat visibility using real-time, context-aware DNS transaction analytics for behavioural threat detection. This allows telcos to detect all threat types and prevent data theft to help meet regulatory compliance such as GDPR.