What a bunch of rancour
Performance manager Netscout has warned mobile network operators to expect an onslaught of multi-vector attacks focused on dragging them down with botnet and app-layer direct-path attacks that target lone telcos rather customers of comms service providers (CSPs). The DDoS attacks on wireless telecoms increased by 79% since 2020, for some reason. The DDoS Threat Intelligence Report says DDoS alerts created 436 petabits of network traffic and, on one day in 2022 telco networks carried more than 75 trillion malignant packets. Application-layer attacks have risen by 487% since 2019. Direct-path attacks also surged in 2022, particularly in the second half of the year and made up more than 50% of all DDoS incursions reported.
Why is this happening to telcos? There are now more than a billion websites in use around the world. The Netscout report identifies the pro-Russian group Killnet as being a major originator of such attacks and notes that, prior to the invasion of Ukraine, Killnet attacks knocked out the country’s critical financial, government and media sites. “DDoS attacks threaten organisations worldwide and challenge their ability to deliver critical services,” said Richard Hummel, threat intelligence lead at Netscout, “with multi-terabit-per-second attacks now commonplace and bad actors’ arsenals continuing to grow in sophistication and complexity, organisations need a strategy that can quickly adapt to the dynamic nature of the DDoS threat landscape.”
The report says the US national security sector was hit by a 16,815% increase in attacks, thanks to the Killnet gang. Last year enterprises had 350,000 security-related alerts with botnet involvement, said Netscout analysts, who tracked over 1.35 million bots from malware families like Mirai, Meris and Dvinis. By contrast, service providers were ‘carpet bombed’, where they received approximately 60,000 alerts where bots were present. This technique simultaneously targets entire IP address ranges and increased by 110% between the first and the second half of 2022, with most attacks against ISP networks.
For some reason the optical instrument and lens manufacturing sector for Europe, the Middle East and Africa was targeted with a barrage of DDoS attacks that created a 14,137% increase in traffic, albeit against one major distributor, which reported 6,000 attacks over four months.
The new Netscout report was compiled from data collected by its ATLAS network. ATLAS was built over two decades through work with more than 500 ISPs to create a sensor network that provides visibility into more than 400 Tbit/s of international transit every second of every day. Thus ATLAS collects DDoS attack statistics from an average of 93 countries daily, encompassing over 50% of the world’s internet traffic.