Friday, 27th November 2020

Telcos most frequent target of DNS attacks

Four out of five (83%) companies in the telecommunications & media sectors experienced a DNS attack last year.

EfficientIP has published data revealing that the telecommunications & media sector is the most frequent victim of DNS attacks. According to the IDC 2020 Global DNS Threat Report, organizations in the sector experienced an average of 11.4 attacks last year, compared to 9.5 attacks across industries.


Overall, more than four out of five (83%) of service provider organizations experienced a DNS attack. In addition to being well above the overall average of 79%, a successful attack on telecommunications providers can have especially far reaching consequences as outages may affect customers in a wide variety of sectors relying on 24/7 availability of networks. As well as a high attack frequency, telecommunications providers also tended to experience costlier attacks with over 8% of organizations stating that they had suffered damage costs of over $5 million as a result of a DNS attack.


The most common attack types used by hackers were phishing attacks (37%), DNS-based malware (33%), DDoS attacks (27%), lock-up domain attacks (22%), which may cause DNS resolvers to exhaust their resources, as well as DNS amplification attacks (21%) which can result in the break-down of company networks potentially causing serious economic damages and disruptions.


Successful DNS attacks commonly resulted in in-house application downtime, experienced by 60% of organizations and cloud service downtime, which was reported by 54% of telcos surveyed. As previous outages have shown, service disruptions can result in both severe brand damage and customer churn as dissatisfied subscribers of telecommunications providers may switch to competitors with a more reliable network. The report indicates that a quarter (25%) of providers experienced brand damage while almost a third (31%) reported a loss of business. Lastly, for 18% of telcos, DNS attacks resulted in the theft of sensitive customer info. This is especially concerning since a large amount of customer information is at the mercy of the network which is trusted to perform at the highest levels.


While a large share of respondents implement comparatively blunt countermeasures to mitigate attacks, with 60% of organizations shutting down affected processes and connections and 55% disabling applications, effective solutions and strategies are starting to be implemented. This includes Zero Trust strategies which 75% of companies are either planning, piloting or already running. Other improvements include automation of security management policies - currently adopted by 59% of telcos - and passing of valuable DNS event information to SIEM and SOC (Security Operations Center) for helping simplify threat detection and accelerate remediation.


Considering the high frequency of attacks, telecommunications providers are increasingly acknowledging the important role DNS security plays in maintaining service continuity: 77% of organizations see DNS security as integral for their business. Ronan David, VP of Strategy, Business Development and Marketing, EfficientIP, noted: “With COVID-19 having caused a large-scale shift to remote work, telcos rely more than ever on a stable network availability and the high capacity needed to serve customer’s requests as quickly as possible. A successful DNS attack can have far reaching consequences – not just for the affected provider but also for its customers experiencing disruptions and outages. An effective DNS security architecture is key to fend off attacks and avoid downtimes.”


With 5G rollouts becoming more and more frequent, telcos would do well to prioritize DNS security as part of their overall security architecture. Next to “Zero Trust” strategies, companies can also augment their threat visibility using real-time, context-aware DNS transaction analytics for behavioural threat detection. This allows telcos to detect all threat types and prevent data theft to help meet regulatory compliance such as GDPR.

Palo Alto Networks has introduced what it says is the industry’s first 5G-native security offering,...
Sophos has published the Sophos 2021 Threat Report, which flags how ransomware and fast-changing att...
Acronis has acquired CyberLynx, a leading Israel-based cybersecurity consultancy firm with a presenc...
Research uncovers critical cybersecurity and compliance risks.
Advanced ransomware recovery enhancements and technology integrations bring ability to identify, res...
Nearly half (49%) of organizations plan to extend Cognitive and AI capabilities for security to dete...
McAfee has launched MVISION Marketplace, MVISION API and MVISION Developer Portal, part of the MVISI...
Latest addition to Cloud One platform is ideal for those migrating their servers to the cloud.