DNS Attacks Target Service Providers

The telecommunications sector among which we highlight Internet providers, often together with the media, are the ones that most frequently receive DNS attacks.

What is a DNS and what happens if there are problems in its operation

DNS comes from the acronym in English Domain Name System or Domain Name System . DNS servers are in charge of directing us to the address that we put in the address bar of our browser. The web pages are hosted on web servers with a specific public IP, therefore, when entering a domain name, the DNS server is in charge of giving us that IP to route the traffic. For example, if we write in the address bar 216.58.210.163 we will go to the Google website. DNS servers are in charge of translating what we write in an IP address. This is done because it is easier to remember names than numbers.

When DNS attacks are focused on service providers, being more saturated they could not perform that intermediation function, and then we would have problems resolving domain names, and, therefore, we will have problems entering the different websites. Regarding DNS, in this article we recommend not using your operator’s DNS .

DNS attacks focus on providers

The IDC 2020 Global DNS Threat Report from industry organizations found that they experienced an average of 11.4 attacks last year. However, if compared to all industries, we see that it is higher since they had 9.5 attacks in the same period of time.

A relevant fact is that 83% of the service provider organizations suffered a DNS attack . In contrast, the general average for other types of companies is 79%, which is a significant percentage.

An attack on an Internet operator can have very serious consequences. In this sense, interruptions can affect your customers who work in many sectors, and who need to have a permanent connection availability.

Consequences and types of most frequent DNS attacks

DNS attacks target service providers and this has its consequences. One is that 60% of organizations experienced internal application downtime. Additionally, 54% reported that they had had a cloud service downtime.

These service interruptions can cause severe financial damage to the company and the loss of customers. If a user is not satisfied with the service they receive, they will end up opting for a competitor that offers greater guarantees.

According to the report, 25% of suppliers experienced damage to their brand and 31% reported that they lost a share of business as a result of the attacks. A worrying fact is that 18% of companies that suffered DNS attacks resulted in the theft of confidential customer information.

As for the most common attacks they used were:

1. Phishing attacks: 37%.
2. DNS-based malware: 33%.
3. Domain lock attacks: 22%.
4. DNS amplification attacks: 21%.

Measures to improve the security of DNS servers

Companies are implementing solutions to solve the problem of attacks. Thus, 60% of the organizations have closed the processes and the affected connections. Additionally, 55% are disabling applications and effective solutions and strategies are beginning to be implemented. This includes zero-trust strategies, which 75% of organizations are planning, testing, or already using.

We also have to talk about the automation of security management policies that, according to the report, have been adopted by 59% of telcos. Additionally, another enhancement would be the transfer of valuable event information from DNS to SIEM and SOC to help simplify threat detection and speed remediation.

As DNS attacks target service providers, they recognize that the role of DNS security is becoming increasingly important. The company must offer its customers a continuous service without interruptions. In that sense, 77% of organizations see DNS security as an integral part of their business.

Finally, remember that a loss of service supposes an economic and prestige loss that are later difficult to recover.