What are the reasons for the huge increases and how successful is the response?
Telecom networks are critical infrastructure, so it’s no surprise they are under constant attack. According to recent reports, distributed denial of service (DDoS) attacks are growing – that is flooding networks with traffic – to render them useless.
Last year DDoS alerts created 436 petabits of traffic and, on one day in 2022, telco networks carried more than 75 trillion malignant packets, according to performance manager NetScout’s DDoS Threat Intelligence Report.
Undermining Ukraine
The situation has been amplified by Russia’s invasion of Ukraine last year. Netscout’s report identifies the pro-Russian group Killnet as being a major originator of such attacks. Prior to the invasion of Ukraine, Killnet’s cyber-assaults knocked out the country’s critical financial, government and media sites.
Telecoms operators are “high-value targets” because their networks act as the backbone for sectors including finance, healthcare and government, says Dmitry Kurbatov, Co-Founder and CTO of telecoms security specialist SecurityGen. “Disruption can trigger significant economic and political impacts, making these networks attractive targets for state-sponsored actors or groups with political motivations.”
Although DDoS attacks are not used directly to steal company data, they can cause serious reputational damage and have catastrophic consequences for critical service providers such as telcos, says Mike Spanbauer, Senior Director and Technology Evangelist at Juniper Networks.
Worse, he says, DDoS can even be used as a distraction technique, enabling the adversary to gain access to the network via other means. “As security staff are dealing with a massive influx of traffic, suspicious activity can be more difficult to effectively flag.”
It is with this in mind that Mattias Fridstrom, VP and Chief Evangelist at Arelion says operators see cyber security as increasingly important. “It is an area where they are both enhancing their own capabilities as well as seeking further advice from their internet service providers. This combination is really important as we all need to protect networks in as many locations as possible. No enterprise or smaller ISP can keep everything protected on their own anymore.”
5G increases the risk
The rapid growth of subscribers and the adoption of 5G wireless technology for both mobile and IoT devices have considerably expanded the potential attack surface, Kurbatov says. This increases vulnerability to attacks and also provides a larger pool of devices that can be conscripted into so-called botnets to perform cyber-assaults on others.
5G has amplified the number of unregulated entry points that hackers can exploit, increasing the risk of data breaches, agrees Matt Poulton, General Manager and Vice President EMEA and APJ at Forescout. “The complex architecture and increased interconnectivity of 5G networks create a broader attack surface, meaning there is a higher risk of exposure in the underlying software stack,” he warns.
5G networks themselves also introduce the potential for an increase in DDoS attacks, says Chen Arbel, Associate Vice President Innovation and Strategy at Thales. “The increased bandwidth, lower latency and vast device connectivity potential of 5G creates opportunities for malicious actors to launch devastating DDoS attacks.
“The high speed nature of 5G networks enables attackers to generate massive volumes of malicious traffic, overwhelming targeted systems and causing service disruptions. The increased bandwidth can also amplify the volume of attack traffic and maximise impact.”
No shortage of other threats
Beyond DDoS, mobile operators need to be on alert for other security threats – with companies’ employees providing one of the most common routes of entry. For example, email phishing attacks designed to manipulate individuals into gaining access to telecom operator systems come with serious consequences, says Manish Mangal, Global Head of 5G and Network Services Business, Tech Mahindra. “Compromised customer data, financial losses and reputational damage are just a few of the significant impacts of a successful socially engineered attack.”
Session Initiation Protocol (SIP) hacking, used in most voice-over-IP (VoIP) communications, is another prime target for malicious hackers, says Mangal. Hence operators need strong encryption over Transport Layer Security (TLS) and Real-Time Protocol (RTP) to protect all data transmissions, he says.
Mitigating the threat
There are other steps that can be taken to mitigate the DDoS threat. According to Kurbatov, protection against DDoS and other forms of cyber-attacks calls for a multi-layered approach. “This includes establishing a robust security infrastructure, maintaining constant monitoring, developing an effective incident response strategy and providing ongoing staff training.”
To fight DDoS attacks on 5G networks, traffic filtering, rate limiting, and anomaly detection can be implemented at the network level, says Arbel.
Behavioural analysis and machine learning can help to detect and mitigate 5G-based DDoS attacks by leveraging advanced analytics to identify patterns and anomalies in network traffic, he says.
Investment is key. While many network operators are taking steps to safeguard their systems, there are certain areas where their efforts fall short, says Kurbatov. Some operators may not perceive themselves as likely targets for DDoS attacks, or they might underestimate the potential impact. This can lead to inadequate investment in necessary security measures.”
Overall, it is important to take the well-known measures needed to keep all firms secure, such as patching, risk assessments, data encryption and network segmentation. This will help ensure an attack doesn’t bring the whole network down and the damage can be controlled, says Mangal.
Good news
Network operators must ensure their staff are frequently trained on the latest threats and security best practices, he adds. “Without regular training, staff might not effectively identify or respond to an attack.”
At the same time, collaboration and information sharing is crucial between network operators, service providers and security experts, says Arbel. This should cover threat intelligence as well as proactive measures against 5G-based DDoS attacks.
It’s not a new concept. Collaboration is already starting to happen and focused groups are emerging – including the industry-wide initiative The DDoS Traceback Working Group. Established in 2022, the largest backbone networks operators are working together to track “spoofing-friendly” networks, says Fridstrom.
The initiative is looking to encourage customers to implement anti-spoofing mechanisms to shutdown bad client networks, he says. “This work has already proven to be successful and has made it much more difficult for the DDoS attackers to operate.”