Why post-Covid DDoS gangs have their sights aimed on telecoms

Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Ashley Stephenson, CTO, for Corero Network Security, looks at some of the exceptional security challenges accompanying the Covid pandemic.

The world looked quite different just over a year ago. Not only has the world gone through an event unprecedented in its scale but it has fundamentally repositioned many aspects of the global economy, technology and our lives. IT, telecommunications and the cyber-threat landscape have transformed considerably. Our reliance on telecommunications has deepened significantly and cybercriminals have evolved in kind.

DDoS gangs appear to have taken a real interest in telecoms over the last few years, reaching its high watermark over the last year. This is at least partially fuelled by the ever increasing need the wider world has for connectivity and the resultant reliance on telecommunications to provide that connectivity. Hackers see an opportunity here. The greater the need for a thing, the greater a price one can extract for withholding it. That’s one potential reason, Ransom DDoS attacks on Telecoms targets have spiked in the last year.

One notable example was a late 2020 attack on a Norwegian Telecoms provider. On the 12th of October, Telenor Norway found itself at the barrel-end of a 400 Gbps Ransom DDoS attack which shut down much of their online operations. They soon heard from the attackers who demanded that they pay 20 Bitcoins (roughly €200,000) to stop the onslaught. Telenor thankfully did not pay the ransom and had systems in place to deal with an attack like this.

Others are not so lucky. A recent report from Cloudflare showed that the first quarter of 2021 was a particularly tough month for telecoms companies. The sector was heavily pursued according to the report and was the target of the most DDoS attacks for the first quarter of year. Its first place position runs in stark comparison to fourth quarter of 2020, when it was the sixth most attacked industry.

Another report from Akamai pre-pandemic, showed that the telecoms sector already experienced a 210% increase in DDoS attacks over 2019. The report goes on to note that the largest attack brought with it a flood power of 568 Gbps a second and lasted seven days.

This spike seems largely fuelled by our ever-increasing reliance on telecommunications. Consider the incredible trust we put in providers during the COVID-19 pandemic, who we relied upon to work, keep us connected to the outside world and pass those long lockdowns with our sanities intact.

Take mass remote working, which was rolled out at breakneck speed soon after lockdown orders came in. Although vaccines are rolling out and workers are heading back into offices, mass remote working will likely remain a staple of modern working life. It seems popular with both employees and employers – the former enjoying the newfound flexibility and the latter gaining from the increased employee productivity. If this bandwidth-heavy practice is to become the new normal it will further deepen our reliance on telecoms.

Furthermore, telecommunications are on the verge of another digital revolution: 5G. This development promises to have profound effects on the technological landscape. At its most basic level, 5G will enable faster mobile connectivity globally. That development in turn will produce a range of new services, products and businesses, soon to be unbound by the speed limits of 4G and other previous iterations. 5G’s champions talk of its potential to usher in smart cities and revolutionise the way we use IoT devices.

This is still a long journey ahead, however. Telecommunications providers will have to maintain previous iterations of this technology such as 3G or 4G, while building out their own 5G infrastructures. This is an expensive task to achieve and one that could leave telecommunications in a vulnerable state.

Furthermore, service expectations on telecoms companies are growing. Increasingly telecoms companies are expected to provide a clean pipe to their customers. Corero previously commented: “When the bill from the water company (arrives), I don’t imagine anyone being too happy paying for a contaminated supply. People can justifiably look at their Internet service in the same way. If a provider isn’t including effective security as a part of its service offering they may send useless and potentially harmful traffic across their customers’ networks.”

In kind, there will be ever greater pressure to meet Service Licence Agreements (SLAs) as companies come to depend on them even more to ensure continuous service. According to a 2020 report by Omdia, entitled Connecting the Dots: Key Strategic Opportunities in a Post-COVID-19 World, this is likely to be followed through on in government legislation. Its authors predict that “Governments will continue to reluctantly step in to further democratise spectrum and to guarantee access and minimum SLAs for citizens and businesses.”

It’s developments like these which make telecoms such a sensitive area. The unfortunate fact is that hackers like nothing more than a soft underbelly. Downtime can be crushing for enterprises. Research has shown that the cost of downtime in 2019 for the average organisation was somewhere between $300,000 and $400,000 an hour. When those enterprises are contractually and even legally obliged to continue uninterrupted service – that problem becomes much bigger.

It’s amidst the sensitivity of the telecoms industry and the trust that the world places in it, that cybercriminals see an opportunity to cash in. As a critical part of life for people all across the world, telecoms need protection from predatory DDoS gangs who see an opportunity to restrict a particularly vital resource and charge a ransom for its return. It is no coincidence then, that ransom DDoS attacks seem to be making a spirited comeback, as we saw in the aforementioned attack on Telenor.

Telecoms are in a precarious position, and hackers know that. Still, companies can look towards scalable real-time DDoS detection and protection to head off this looming threat.

As Chief Technology Officer, Ashley Stephenson leads the company’s global DDoS mitigation solution strategy. A seasoned executive with a proven track record in the technology industry, he brings a notable record, having co-founded or led several technology companies as Chairman or CEO. An IT industry executive and Internet technology entrepreneur, Stephenson has operating experience in the United States, Europe and Asia. As CTO he drives Corero’s global strategy, focusing on the company’s growth by capitalizing on its market leading real-time DDoS mitigation offerings and strong blue-chip customer base. Previously, Stephenson was CEO of Reva Systems, acquired by ODIN, and Xedia Corporation, acquired by Lucent. He was awarded “CEO of the Year” by the Massachusetts Telecommunications Council for his work at Xedia Corp. In recent years he has spent the majority of his time providing strategic advisory services on the evolution of the global IT market.