How new attacks and outages are posing new challenges for CSPs

Last year was a banner year for cybercriminals. When the Covid-19 pandemic forced people to stay home, they turned to the Internet for work, social connections and entertainment. With people spending more time than ever before online, the number of potential targets -- and cyberattacks -- skyrocketed. In March 2020, distributed denial of service (DDoS) attacks were up 341.21 percent compared to the year before, according to research.

Communications service providers (CSPs) — especially Internet Service Providers (ISPs) — were among the prime targets, suffering more attacks than other sectors. Recent data has indicated that 301 ASN-level CSPs in 23 countries were taken down by bit-and-piece attacks, which drip-feed junk traffic across a large IP pool to paralyze the target.

Several factors make service providers especially vulnerable. Their huge customer base and a pandemic-fueled spike in data traffic attract cybercriminals, who take advantage of the fact that many CSPs don’t invest sufficiently in security-apps-related services. The growth in the Internet of Things (IoT) and connected devices, which introduces more endpoints on a network, also presents new opportunities for more sophisticated attacks. In some cases, service providers are collateral damage: DDoS attacks that take aim at just one of their customers can bring down the whole network.

The consequences of disruption are potentially catastrophic for communications service providers, who must not only offer customers uninterrupted connections and the maximum speed for critical operations, but also protect against data breaches and safeguard privacy.

Common attack strategies

The reasons behind individual DDoS attacks differ. While financial gain is often a prime motivator, there are others ranging from political benefits to revenge to simple personal amusement. In general, large-scale DDoS attacks are the result of group efforts rather than lone actors, with everyone involved having a specific goal and agenda in mind.

Cybercriminals are successfully using several types of attacks against communications service providers these days, including more sophisticated bit-and-piece “carpet bombing.” These attacks use amplification and other types of UDP-based (User Datagram Protocol) traffic to flood target networks. Because the traffic is spread thinly, it can evade the threshold-based and host-based detection and mitigation countermeasures that are widely applied to a CSP's network.
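To see why a per-host threshold misses traffic that is spread thinly across a large IP pool, the following added example (not part of the original article) runs a host-based check and a prefix-aggregate check over the same constructed flow summaries. The thresholds, the /24 aggregation and the spread ratio are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

HOST_THRESHOLD_BPS = 1_000_000_000      # assumed per-destination alarm: 1 Gbps
PREFIX_THRESHOLD_BPS = 5_000_000_000    # assumed per-/24 alarm: 5 Gbps
MIN_SPREAD = 0.5                        # assumed share of a prefix's hosts receiving traffic

def per_host_alerts(flows):
    """Host-based check: sum bits/s per destination IP, alarm above the threshold."""
    totals = defaultdict(int)
    for dst, bps in flows:
        totals[dst] += bps
    return sorted(ip for ip, bps in totals.items() if bps > HOST_THRESHOLD_BPS)

def per_prefix_alerts(flows, prefix_len=24):
    """Aggregate by destination prefix; report load and how widely it is spread."""
    load = defaultdict(int)
    hosts = defaultdict(set)
    for dst, bps in flows:
        net = ipaddress.ip_network(f"{dst}/{prefix_len}", strict=False)
        load[net] += bps
        hosts[net].add(dst)
    alerts = {}
    for net, bps in load.items():
        if bps > PREFIX_THRESHOLD_BPS:
            spread = len(hosts[net]) / net.num_addresses
            kind = "carpet-bombing" if spread >= MIN_SPREAD else "concentrated"
            alerts[str(net)] = (kind, bps, len(hosts[net]))
    return alerts

# Constructed one-second flow summaries: (destination IP, UDP bits per second).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, not real targets.
carpet = [(f"203.0.113.{i}", 50_000_000) for i in range(256)]   # 50 Mbps per host
single = [("198.51.100.7", 8_000_000_000)]                      # 8 Gbps at one host
normal = [("198.51.100.20", 200_000_000)]                       # ordinary traffic

if __name__ == "__main__":
    flows = carpet + single + normal
    print("per-host  :", per_host_alerts(flows))
    for net, (kind, bps, n) in per_prefix_alerts(flows).items():
        print(f"per-prefix: {net} {kind} {bps / 1e9:.1f} Gbps over {n} hosts")
```

In the constructed data, no host in 203.0.113.0/24 comes near the per-host alarm, yet the prefix as a whole carries 12.8 Gbps.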

We are also seeing more small-sized, short attacks dubbed “invisible killers.” Extortion and ransom DDoS (RDDoS) attacks against a range of industries are on the rise, as well, capitalizing on the growing popularity of anonymous cryptocurrency payments.

With 5G cellular becoming more prevalent and widespread, there is a growing threat of terabit attacks. Given that 5G devices can transmit more than 10Gbps, attackers need to target only 100 devices or so to generate a full terabit attack. Taking down even one part of a service provider’s core infrastructure can cripple a network.

Looking ahead, the data cautions that CSPs and other organizations that rely on threshold and signature-based detection methods may very well experience major outages from newer, more evasive denial of service attacks.

How CSPs and enterprises can protect themselves

Most organizations think they will not be targeted by cyberattacks, and when they fall victim, they’re caught flat-footed and scrambling to respond. Security should always be a top-priority, natively integrated approach, not an afterthought or a fortunate byproduct of another infrastructure initiative.

External customers expect and demand always-on, high-speed service with data security, and they are likely to go elsewhere if a CSP does not deliver on the service level agreements (SLA). Internal users, too, have high expectations, as they will not tolerate having their day-to-day operations, or their ability to serve customers, compromised.

The most effective defense is a hybrid strategy combining on-premises and cloud-based mitigation technologies that can be used together or separately. Platforms powered by machines with big data and deep learning capabilities can also help not only with identifying and classifying customer traffic, but also with developing up-to-date defenses against constantly changing attacks.

However, many service providers do not have the expertise or personnel to handle advanced threats. Nor are they willing and able to make the sizable investment required. Costs can easily run into millions of dollars for a network sufficient to provide global DDoS protection, considering start-up costs, maintaining technology, and providing internal as well as external support.

A partnership with an experienced managed service provider (MSP) powered by artificial intelligence (AI) and machine learning (ML) addresses all these issues. For example, new approaches in the market remove the hardware barriers and upfront costs associated with typical anti-DDoS service ramp-up, providing service providers with the necessary hardware and operational support while lowering their overall risk.

Further, by partnering with a proven MSP, communications organizations can bring lucrative new products to market – and fast. In as little as three months, it has been shown that a CSP can transform into a Managed DDoS Protection as a Service provider with a complete suite of managed cybersecurity offerings. These services are exactly what customers need right now, resulting in a win-win situation, while raising value in their eyes.

Prioritize security 

Such measures take on a new urgency given current threat levels and the expectation that attacks will continue to grow more numerous and more sophisticated. Organizations that rely on threshold and signature-based detection methods will experience severe outages as a result of distributed denial of service attacks and the emergence of small-sized attack traffic.

The effectiveness of authentication-based mitigation will be further tested as application attacks are predicted to double in 2021/2022. We predict ransom DDoS attacks will increase by 30 percent, and DDoS attacks of 10Gbps or less will account for 99 percent of all attacks. These predictions reinforce the need for CSPs to bolster their security and efforts to protect their networks, infrastructures and their customers.

It is imperative for communications service providers and internet service providers to make security a top priority. Organizations must be prepared for attacks, but also invest the time and money to make their networks less attractive to attackers in the first place. By taking these measures, service providers can not only protect their operational capability but also enable further growth.

Juniman Kasman, chief technology officer, Nexusguard

Juniman Kasman is chief technology officer for Nexusguard. As CTO, Juniman is responsible for advanced technology aspects within Nexusguard, from the development of the company’s technology vision to research, architecture, and development for its solutions.