Telecoms is evolving – and unfortunately, so are DDoS attacks

An abstract image of digital security.
(Image credit: Shutterstock) (Image credit: Shutterstock)

If you set up a Google news alert for DDoS (distributed denial-of-service), you’d quickly be overwhelmed by the weekly attacks. It’s been relentless for 25 years, and for telcos, which lie among the pile of victims, these attacks are growing more varied.

They’re getting larger, too. It’s just that the form of these attacks against telcos is changing, largely spurred not just by the evolution of DDoS attacks, but also by the evolution of telecoms themselves. Let’s examine the impact more closely.

Death by downtimes

Whatever conniving scheme a bad actor conjures up, the goal of any DDoS attack method is universally the same: overwhelm the target until they go offline.

The two most common attack vectors of this include HTTPS Floods and NTP Amplifications. The former comprised one of five attacks and grew the average attack size by more than 180% in the last year. It sends servers into timeout hell with incessant answer requests for downtime. On the other hand, NTP Amplifications make up one in four attacks and similarly overflow servers with data to force downtime mode by exploiting a time-keeping protocol.

These attacks are not just an inconvenience. In 2019, Facebook’s 14-hour outage cost the company $90 million. This would be a killing stroke for a smaller company, but even the largest telcos are certainly not immune. If anything, they’re a tempting target for attackers because telcos (and their infrastructure) have evolved from being simple traffic carriers to underpinning business communications and critical infrastructure.

From an attacker’s perspective, that’s a lucratively massive attack surface. If you cut off a communication service provider’s (CSP) service-critical function, all its customers will fall like dominoes. Last year, we saw several cases of the havoc an outage could cause, including nearly half a million dollars in compensation claimed by customers affected by the Optus network outage.

That’s just what the threat towards consumers looks like. The real scare will be how attackers use the effectiveness of this threat as a springboard to commit targeted acts that jeopardize national security.

Donny Chong

Director at Nexusguard.

What carpet bombing with DDoS looks like

Unfortunately, the evolution of telecoms infrastructure isn’t the only thing exacerbating DDoS attacks. The attack methods are transforming into something far more specialized for telcos, as seen in ‘bits and pieces’ attacks – or as some call it, ‘carpet bombing’.

Rather than flood a single system with repeat requests ad infinum, ‘bits and pieces’ attacks mask their large influx of traffic by spreading smaller packets of requests amongst legitimate traffic across the whole network. This makes the ‘junk’ traffic much harder for cybersecurity methods like thresholds and firewalls to detect.

In some ways, this attack is more nefarious and devious than traditional attacks. It might not take its targets offline, but jamming the IP with bad traffic risks damaging the quality of service and potentially breaching customer agreements. We’ve already established the monetary damage outages can cause, but ‘bits and pieces’ present the risk of a far slower death to a telco’s reputation, which relies entirely on the quality of its connectivity. Such loss would undoubtedly impact future business.

You have a rather poisonous stew when you combine those ‘bits and pieces’ with 5G and data-hungry AI-enabled applications. The traffic volume will grow significantly across networks, presenting even more hiding spots for these attacks.

Light at the end of the (traffic) tunnel

This means telcos have more problems with DDoS than ever before.

Telcos aren’t oblivious to the threat. A report from A10 Networks in 2023 showed that IT professionals within CSPs are investing in strengthening network security against DDoS attacks. However, the advancements made to threat detection are matched by similar (if not greater) advancements on the DDoS threat actors' side.

Telcos will need to apply some care in the protection they implement. Too little means exposing oneself to attacks, and too much will incur too high a cost that ultimately gets passed down to consumers in an already cruel global economy.

To get themselves out of the mess, telcos will need to look towards turning this nasty security problem into their financial gain, integrating DDoS protection into their CSP product offerings. The result should be a powerful bundle that is just as much about managed security as connectivity. The best of both worlds is safer customers and a new revenue stream.

We've featured the best productivity tool.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

Donny Chong is Director at Nexusguard. Donny has over fifteen years of experience assisting ISPs worldwide to productize anti-DDoS services in their local markets, having helped define Nexusguard's managed DDoS protection services.

TOPICS