How Telecommunications Providers Can Best Tackle DDoS Attacks

Written by Terry Young, Director of Service Provider Product Marketing, A10 Networks

The UK’s 2023 National Risk Register, published by the government in the summer, highlights the increasing cyber threat posed to telecommunications providers, which are a vital part of the communications critical national infrastructure (CNI) sector. The report lays out the volatile landscape these providers operate in and the government’s acknowledgement of the seriousness of cyber threats to telecommunications infrastructure. It also details the difficulty in implementing the Telecommunications (Security) Act 2021, which establishes guidelines for telcos to follow.

The risk register reinforces the need for telcos to strengthen their overall security posture and improve resilience against service-impacting attacks, such as DDoS attacks. The good news is that we have seen communication service providers (CSPs) responding to these higher threats and tighter compliance requirements. Our 2023 research, which surveyed 2,750 senior IT professionals in CSPs, suggests that they are investing in enhancing their network security to counter increasingly sophisticated cyber threats such as DDoS attacks.

Adopting a defence-in-depth approach

Over the last two years, CSPs have made significant progress in upgrading their cyber defences. In our inaugural CSP 2021 study, we found the highest priority security investments were for more basic security upgrades such as firewalls. This year, however, while firewall upgrades were still the highest priority, we found respondents aiming for a more mature, multi-layered, and defence-in-depth approach to security.

With 68% of all 2023 respondents expecting network traffic volumes to increase by over 50% in the next two to three years, firewalls and other security appliances must be routinely upgraded just to handle the increased traffic volume. Despite this, the percentage prioritising firewalls dropped from 48% in 2021 to 28% in 2023.

The growing importance of DDoS detection and monitoring

Other investments deemed nearly as important as firewalls were DDoS detection and monitoring, automation of security policies, investment in ransomware and malware protection services, and threat intelligence. Respondents also indicated interest in simplifying and integrating disparate point solutions.

This all points to a higher focus on security investments overall and a greater focus on capabilities that enable a proactive approach rather than a reactive response: in the 2023 survey, DDoS detection was the second highest priority, while reactive DDoS attack mitigation was the least important priority.

Additionally, with telecommunications considered a critical infrastructure, telecommunications organisations have a unique responsibility to protect the availability of their networks, data, and services. With two-thirds of respondents planning to extend their networks to unserved and underserved communities, protection of network availability and subscriber privacy is critical to their ongoing success.

This is an increasingly complex task as traffic volumes surge and providers build out to more remote and vulnerable communities. To achieve this, we recommend that telecommunications providers follow these key steps:

  • Prioritise security investments to protect all domains. This includes the network itself, customer databases, customer-facing services such as websites, and internal IT systems. Many DDoS attacks and security breaches in CSPs target customer proprietary data.
  • Replace legacy DDoS defence systems and deploy new technologies that enable more granular detection using AI, machine learning, threat intelligence, and other capabilities that match the increasing sophistication of attacks.
  • Leverage automation to simplify management, improve control over network resources, and guarantee uptime.

Intelligent and automated DDoS protection solutions

DDoS protection is clearly a critical part of CSPs’ infrastructure but, while they need to stop malicious traffic, they need to do this without disrupting legitimate traffic. This is where intelligent and automated DDoS protection solutions that are scalable, economical and precise become important in helping CSPs ensure optimal user and subscriber experiences. CSPs should be using solutions that efficiently identify abnormal traffic, automatically and intelligently mitigate the identified inbound DDoS attack, and provide a centralised point of control for seamless DDoS defence execution.

So, what should telecommunications companies look out for to prevent a DDoS attack?

  • A sudden and/or unexpected increase in traffic. Though there are legitimate reasons to receive more traffic, a sudden increase should be checked.
  • System slowness or non-response. Websites can load slowly, or not at all, for many reasons—this doesn’t mean a DDoS attack is in progress, but it should be investigated.
  • Unusual traffic patterns. For example, current traffic that deviates from normal patterns, such as traffic inconsistent with a typical user base or traffic arriving at unusual hours.
  • Increase in traffic to a single endpoint. This is when part of your system, such as a specific URL, suddenly receives a high amount of traffic compared to others.
  • A high volume of traffic from a single IP or small range of IPs. This indicates that these addresses could be part of a larger botnet.
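
Three of the indicators above (a sudden increase, concentration on one endpoint, and concentration in one small source range) can be checked directly against request logs. The following is an added example, not part of the original article or any A10 product: the function name, the thresholds and the sample records are constructed assumptions, and source addresses are taken to be IPv4.

```python
from collections import Counter
from ipaddress import ip_network

def top_share(items):
    """Return the most common item and its share of all items."""
    item, count = Counter(items).most_common(1)[0]
    return item, count / len(items)

def ddos_indicators(baseline_counts, window, spike=3.0, share=0.5):
    """Compare one time window of (src_ip, path) requests with a baseline.

    baseline_counts: request totals from earlier normal windows of equal length.
    spike and share are assumed thresholds and need tuning per service.
    Findings are reasons to investigate, not proof of an attack.
    """
    findings = []
    if not window or not baseline_counts:
        return findings
    normal = sum(baseline_counts) / len(baseline_counts)
    # Indicator: sudden or unexpected increase in traffic.
    if len(window) > spike * normal:
        findings.append(("traffic_spike", round(len(window) / normal, 1)))
    # Indicator: one endpoint receives most of the traffic.
    path, path_share = top_share([p for _, p in window])
    if path_share >= share:
        findings.append(("single_endpoint", path))
    # Indicator: most traffic comes from one IP or one small range (/24).
    nets = [str(ip_network(f"{ip}/24", strict=False)) for ip, _ in window]
    net, net_share = top_share(nets)
    if net_share >= share:
        findings.append(("single_source_range", net))
    return findings

# Constructed sample data using documentation address ranges.
PATHS = ["/", "/login", "/api/status", "/account"]
NETS = ["192.0.2", "198.51.100", "203.0.113"]
BASELINE = [38, 42, 40]  # requests per window on a normal day
NORMAL = [(f"{NETS[i % 3]}.{i + 1}", PATHS[i % 4]) for i in range(40)]
FLOOD = [(f"203.0.113.{i % 20 + 100}", "/login") for i in range(200)]
ATTACK = NORMAL + FLOOD

if __name__ == "__main__":
    print("normal window:", ddos_indicators(BASELINE, NORMAL))
    print("attack window:", ddos_indicators(BASELINE, ATTACK))
```

Slowness and unusual-hours traffic need latency metrics and a time-of-day baseline, which this sketch does not model.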

A market expected to reach $7.45 billion by 2030

Recent research emphasises the significant impact of DDoS attacks, with the latest data indicating a 200% increase in DDoS attacks in the first half of 2023. The research showed telecommunications companies experienced the most attacks, accounting for roughly half the overall attack volume. This is one reason why the global DDoS protection and mitigation market is expected to reach $7.45 billion by 2030.

As we look to 2024, the telecommunications industry will continue to focus on technologies such as cloud computing, standalone 5G, AI, and the Internet of Things (IoT) to offer better speed, scalability, and innovation. To support those new technologies, telecommunications providers will also need to continue to shore up their cybersecurity architectures and, while our research shows that progress has been made, there needs to be more of a focus on a layered and defence-in-depth approach, particularly where DDoS attacks are concerned.