Be on your guard: The rising risk of Data Frauds
The telecom industry around the world is redefining communication services more rapidly than ever. The increasingly saturated mobile markets, disruption from OTT providers in core voice and SMS services and intense price competition are putting telecom operators under pressure. Operators are now reimagining their business systems and exploring alternate revenue streams, thereby leading to an upward trend in revenue from data services.
However, this also means that fraud occurring over the data network is a serious concern, as attackers take advantage of loopholes in the existing systems. Data fraud adversely affects the network, quality of experience, brand value, revenue, customer experience, etc. This point was reinforced in the CFCA’s 2021 Fraud Loss Survey, in which Data Charging Bypass accounted for a loss of $1.91 bn, Data Service reselling accounted for a loss of $1.43 bn, and Abuse of data service terms and conditions accounted for $0.32 bn. Furthermore, this was listed as one of the major factors for the total increase of 28% in global fraud loss compared to the 2019 survey. It is anticipated that this trend is only going to increase.
How does this occur?
Various techniques are used to carry out this fraud, including free URL masking, DNS tunneling, HTTP header injection, etc.
DNS Spoofing: Domain Name System (DNS) spoofing is an attack in which altered DNS records are used to redirect online traffic to a fraudulent website that resembles its intended destination.
Methods for executing a DNS spoofing attack include:
- Man in the middle (MITM) – The interception of communications between users and a DNS server to route users to a different/malicious IP address.
- DNS server compromise – The direct hijacking of a DNS server, which is configured to return a malicious IP address.
DNS Tunneling Fraud: As the name suggests, tunneling fraud tunnels or redirects traffic. Its modus operandi is to exploit the usage of paid content by masking the IP address. DNS tunneling involves the abuse of the underlying DNS protocol: instead of using DNS requests and replies to perform legitimate IP address lookups, malware uses them to implement a command-and-control channel with its handler. Fraudsters employ advanced techniques and hacking software to perform DNS tunneling or even carry out data tethering through unlimited data plan subscriptions, which leads to the abuse of fair usage policies, eventually impacting the operator’s revenue and overall customer experience.
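Because tunneled data has to travel inside the queried names, it shows up in DNS query logs as many distinct, long, random-looking names under one zone from one subscriber. The following sketch of that check is an added example, not code from the original article or from Subex; the thresholds, the (subscriber_id, qname) record shape and the sample log are assumptions constructed for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

# Thresholds are assumptions for this sketch; tune them against a real traffic baseline.
MIN_PAYLOAD_LEN = 30   # characters in front of the registered zone
MIN_ENTROPY = 3.5      # bits per character; encoded data scores high
MIN_ENCODED_NAMES = 4  # distinct encoded-looking names per subscriber and zone

def shannon_entropy(text):
    """Empirical Shannon entropy of a string, in bits per character."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def split_zone(qname):
    """Naive split into (payload, zone) using the last two labels as the zone.
    A production system would consult the Public Suffix List instead."""
    labels = qname.lower().rstrip(".").split(".")
    return "".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(records):
    """records: iterable of (subscriber_id, qname) pairs from a DNS query log.
    Returns {(subscriber_id, zone): count of distinct encoded-looking names}."""
    seen = defaultdict(set)
    for subscriber, qname in records:
        payload, zone = split_zone(qname)
        if len(payload) >= MIN_PAYLOAD_LEN and shannon_entropy(payload) >= MIN_ENTROPY:
            seen[(subscriber, zone)].add(payload)
    return {key: len(names) for key, names in seen.items()
            if len(names) >= MIN_ENCODED_NAMES}

def constructed_sample():
    """Constructed log: one normal subscriber, one whose queries carry encoded chunks."""
    normal = [("sub-1001", f"{h}.shop.example") for h in ("www", "mail", "api", "cdn", "img")]
    tunnel = []
    for i in range(6):
        digest = hashlib.sha256(str(i).encode()).digest()[:30]
        chunk = base64.b32encode(digest).decode().lower()  # 48-char label, no padding
        tunnel.append(("sub-1002", f"{chunk}.tunnel-zone.example"))
    return normal + tunnel

if __name__ == "__main__":
    for (subscriber, zone), count in find_tunnel_suspects(constructed_sample()).items():
        print(f"{subscriber} -> {zone}: {count} encoded-looking queries")
```

The normal subscriber also queries five distinct subdomains, but none is long or random-looking, so name count alone does not trigger a flag.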
HTTP Header Injection: A host header injection exploits the vulnerability of some websites that accept host headers indiscriminately, without validating them. Many applications rely on the host header to generate links, import scripts, determine the proper redirect address, generate password reset links, etc. So, when an application retrieves the host header, it may end up serving malicious content injected there in its response. The attacker can tamper with the host header in the request, which can result in web cache poisoning, password reset poisoning, access to internet hosts, cross-site scripting, etc.
The way forward for telcos is to look at incorporating a proactive defense mechanism that couples signature detection with behavior heuristics techniques. It should monitor multiple parts of a telco network, starting at the IP layer and going up to the application layer, to detect telecom fraud and security breaches early on. It is also essential to incorporate deep packet inspection to look for mismatched set-up and tear-down sessions in near-real-time. Technologies such as AI/ML are paramount, as multiple data frauds can be unique to every MNO, and ML is ideally suited to protecting against the ‘unpredictable.’ Furthermore, it is vital to have an efficient reporting system that quickly flags suspicious usage patterns. All of this will protect CSP revenues, so they can channel them into improving service and experience quality, upgrading their networks, and confidently taking up new projects.
Harish works with Subex as a Technical Product Manager for Fraud management and is also a part of the business consulting group as an SME for a signaling security solution. He has more than 7 years of experience in the space of fraud and risk. He has abundant experience working with telcos across the globe on implementing signaling solutions and VAS products.