Cyber Security
How Telecommunications Providers Can Best Tackle DDoS Attacks
Written by Amr Alashaal, Regional Vice President – Middle East at A10 Networks
There is an increasing incidence of cyber threats posed to telecommunications providers. There is a definite need for telcos to strengthen their overall security posture and improve resilience against service-impacting attacks, such as DDoS attacks. The good news is that we have seen communication service providers (CSPs) responding to these higher threats and tighter compliance requirements. Our 2023 research, which surveyed 2,750 senior IT professionals in CSPs, suggests that they are investing in enhancing their network security to counter increasingly sophisticated cyber threats such as DDoS attacks.
Adopting a defence-in-depth approach
Over the last two years, CSPs have made significant progress in upgrading their cyber defences. In our inaugural CSP 2021 study, we found the highest priority security investments were for more basic security upgrades such as firewalls. This year, however, while firewall upgrades were still the highest priority, we found respondents aiming for a more mature, multi-layered, and defence-in-depth approach to security.
With 68% of all 2023 respondents expecting network traffic volumes to increase by over 50% in the next two to three years, firewalls and other security appliances must be routinely upgraded just to handle the increased traffic volume. Despite this, the percentage prioritising firewalls dropped from 48% in 2021 to 28% in 2023.
The growing importance of DDoS detection and monitoring
Other investments deemed nearly as important as firewalls were DDoS detection and monitoring, automation of security policies, investment in ransomware and malware protection services, and threat intelligence. Respondents also indicated interest in simplifying and integrating disparate point solutions.
This all points to a higher focus on security investments overall and a greater focus on capabilities that enable a more proactive approach rather than reactive response, such as DDoS detection (now the second highest priority) versus reactive DDoS attack mitigation (the least important priority) in the 2023 survey.
Additionally, with telecommunications considered a critical infrastructure, telecommunications organisations have a unique responsibility to protect the availability of their networks, data, and services. With two-thirds of respondents planning to extend their networks to unserved and underserved communities, protection of network availability and subscriber privacy is critical to their ongoing success.
This is an increasingly complex task as traffic volumes surge and as they build out to more remote and vulnerable communities. To achieve this, we recommend that telecommunications providers follow these key steps:
- Prioritise security investments to protect all domains. This includes the network itself, customer databases, customer-facing services such as websites, and internal IT systems. Many DDoS attacks and security breaches in CSPs are targeting customer proprietary data.
- Replace legacy DDoS defence systems and deploy new technologies that enable more granular detection using AI, machine learning, threat intelligence, and other capabilities that match the increasing sophistication of attacks.
- Leverage automation to simplify management, improve control over network resources, and guarantee uptime.
Intelligent and automated DDoS protection solutions
DDoS protection is a critical part of CSPs’ infrastructure but, while they need to stop malicious traffic, they need to do this without disrupting legitimate traffic. This is where intelligent and automated DDoS protection solutions that provide scalable, economical, precise and intelligent capabilities are important to help CSPs ensure optimal user and subscriber experiences. CSPs should be using solutions that efficiently identify abnormal traffic, automatically and intelligently mitigate the identified inbound DDoS attack, and provide a centralised point of control for seamless DDoS defence execution.
So, what should telecommunications companies look out for to prevent a DDoS attack?
- A sudden and/or unexpected increase in traffic. Though there are legitimate reasons to receive more traffic, a sudden increase should be checked.
- System slowness or non-response. Websites can load slowly, or not at all, for many reasons—this doesn’t mean a DDoS attack is in progress, but it should be investigated.
- Unusual traffic patterns. For example, current traffic deviates from normal patterns, such as traffic that is inconsistent with a typical user base or that arrives at unusual hours.
- Increase in traffic to a single endpoint. This is when part of your system, such as a specific URL, suddenly receives a high amount of traffic compared to others.
- A high volume of traffic from a single IP or a small range of IPs. This indicates that these addresses could be part of a larger botnet.
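Three of the signals listed above (a sudden rise in volume, concentration on one endpoint, and concentration in a small source range) can be checked mechanically against request logs. The following Python is an added example, not code from the article or from A10 Networks; the record format, function names and thresholds are assumptions chosen for illustration, and the sample records are constructed.

```python
from collections import Counter
from ipaddress import ip_network
from statistics import median

def ddos_indicators(lines, spike_factor=5.0, share_limit=0.5):
    """Check the latest minute of a log against three of the listed signals.
    Assumed record format (not from the article): "<minute> <source-ip> <path>"."""
    events = [(int(m), src, path) for m, src, path in (l.split() for l in lines)]
    per_minute = Counter(m for m, _, _ in events)
    latest = max(per_minute)
    earlier = [count for m, count in per_minute.items() if m != latest]
    if not earlier:
        return {}  # no baseline yet, so nothing to compare against
    baseline = median(earlier)
    current = [(src, path) for m, src, path in events if m == latest]
    findings = {}
    # Sudden increase: latest minute versus the median of earlier minutes.
    if len(current) > spike_factor * baseline:
        findings["traffic_spike"] = (len(current), baseline)
    # Single endpoint receiving most of the traffic.
    path, hits = Counter(p for _, p in current).most_common(1)[0]
    if hits / len(current) > share_limit:
        findings["hot_endpoint"] = path
    # Single IP or small range: group IPv4 sources by /24.
    nets = Counter(str(ip_network(f"{s}/24", strict=False)) for s, _ in current)
    net, hits = nets.most_common(1)[0]
    if hits / len(current) > share_limit:
        findings["hot_source_range"] = net
    return findings

def sample_log():
    """Constructed records: five quiet minutes, then a burst in minute 5."""
    paths = ["/", "/plans", "/login", "/support"]
    lines = [f"{m} 10.{i}.{m}.7 {paths[i]}" for m in range(5) for i in range(4)]
    lines += [f"5 203.0.113.{i + 1} /login" for i in range(30)]   # burst
    lines += [f"5 10.{i}.5.7 {paths[i % 4]}" for i in range(10)]  # normal users
    return lines

if __name__ == "__main__":
    print(ddos_indicators(sample_log()))
```

A finding here is a prompt to investigate, as the list says, since legitimate events can also produce a spike or a hot endpoint.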
A market expected to reach $7.45 billion by 2030
Recent research emphasises the significant impact of DDoS attacks, with the latest data indicating a 200% increase in DDoS attacks in the first half of 2023. The research showed telecommunications companies experienced the most attacks, accounting for roughly half the overall attack volume. This is one reason why the global DDoS protection and mitigation market is expected to reach $7.45 billion by 2030.
In 2024, the telecommunications industry will continue to focus on technologies such as cloud computing, standalone 5G, AI, and the Internet of Things (IoT) to offer better speed, scalability, and innovation. To support those new technologies, telecommunications providers will also need to continue to shore up their cybersecurity architectures and, while our research shows that progress has been made, there needs to be more of a focus on a layered and defence-in-depth approach, particularly where DDoS attacks are concerned.
Cyber Security
AmiViz Champions Cybersecurity Innovation at Leading MENA Events
AmiViz has announced its successful participation in two key regional cybersecurity conferences: MENA ISC 2024 in Saudi Arabia, and CYSEC UAE 2024 in the UAE. These events have served as a platform for AmiViz to collaborate with its top vendors, including Bitsight, Cequence Security, Picus Security, AlgoSec, BlackBerry, Check Point, Tenable, Asimily, and Threatcop, to showcase cutting-edge cybersecurity technologies and solutions.
Throughout these events, AmiViz engaged deeply with partners and customers, gaining invaluable insights into the unique cybersecurity challenges faced in the region. The focus was on promoting new technologies that address these challenges and enhance security protocols for businesses operating in the dynamic Middle Eastern market.
“Our presence at the MENA ISC 2024, and CYSEC UAE 2024 has been a remarkable opportunity for us to not only present our innovative solutions but also to understand firsthand the needs and pain points of our clients,” stated Ilyas Mohammed, COO at AmiViz. “Collaboration with our key vendors has allowed us to offer a comprehensive suite of cybersecurity products and services that cater specifically to the complexities of this region.”
AmiViz’s participation in these events underscores its commitment to advancing cybersecurity readiness and resilience across the Middle East. By leveraging strategic partnerships with leading global vendors, AmiViz continues to bring state-of-the-art cybersecurity solutions to the forefront, helping businesses protect their critical assets against increasingly sophisticated cyber threats.
AmiViz, along with its key vendors, will continue participating in major tech events, with plans for a strong presence at GITEX next month. Following GITEX, the company is gearing up for Black Hat in Saudi Arabia this November, showcasing its cutting-edge cybersecurity solutions to the region.
Cyber Security
UAE and Saudi Arabia Face Unprecedented 70% Rise in Threats: Positive Technologies
Positive Technologies experts have unveiled comprehensive research on the shadow market of cybercriminal services targeting the Gulf countries. The UAE and Saudi Arabian organizations remain in the crosshairs of cybercriminals, and over half of all posts on darknet forums are about selling data and access to local companies’ infrastructures. Researchers have highlighted a sharp increase in the free distribution of such data on the dark web, along with a surge in reports of DDoS attacks targeting the public sector and other industries. One in five ads analyzed was related to buying or selling access, with two-thirds available for under $1,000.
According to the research, cybercriminals remain focused on the two largest economies in the region—the UAE (40% of all posts) and Saudi Arabia (26%). The spotlight on darknet forums is on the public sector, which accounted for 21% of all analyzed posts. Most of the data (63%) related to regional government institutions was published for free as part of hacktivist attacks. Next in line for most popular on the dark web are commerce (16% of all ads), the service sector (15%), and financial institutions (13%).
Amid geopolitical tensions, hacker groups have ramped up calls for DDoS attacks and breaches to disrupt government institutions in the region. In the first half of 2024, the number of reports on the results of DDoS attacks on the dark web surged by 70% compared to the same period in 2023. Beyond the public sector, hacktivists also targeted the financial and transportation sectors.
According to the research, 33% of all the analyzed ads were linked to data breaches. One-third of these messages were about selling information. In these ads, criminals primarily offered databases stolen from major commerce companies, with an average cost of $2,300.
Positive Technologies analyst Anastasiya Chursina commented, “When compared to our previous research over a similar period, the share of freely distributed data almost doubled (up to 59%). This allows criminals to broaden the profiles of potential victims for targeted attacks. If the victim refuses to pay the ransom, both ransomware groups, as well as hacktivists (whose goal is to draw public attention to a political stance rather than just receive financial gain), can distribute data for free.”
Access to company information resources is the second most common type of dark web ad, making up 21% of all listings. According to the research, in 70% of all cases, access can be bought for less than $1,000. The vast number of access-for-sale ads on the darknet and their low cost make it easier for cybercriminals to gain initial access and launch attacks on organizations in the region.
Positive Technologies recommends that companies build their defences based on result-driven cybersecurity, using modern tools such as application-level firewalls, including cloud versions, network traffic analysis systems, solutions for monitoring information security events and managing incidents, as well as metaproducts.
Cyber Security
BotGuard OÜ to Offer Live Demos at GITEX GLOBAL 2024
BotGuard OÜ will present its intuitive, user-friendly cybersecurity solution at GITEX GLOBAL 2024, focusing on effective bot protection. Live demonstrations in Hall 25 stand H25-21 will showcase the ease and efficiency of the technology in securing websites against malicious attacks. “Our participation in GITEX GLOBAL 2024 underscores our commitment to addressing the escalating malicious bot attacks faced by organizations worldwide,” said Bertil Brendeke, Chief Revenue Officer (CRO) of BotGuard OÜ. “At GITEX, we aim to engage with industry leaders and stakeholders, sharing our expertise and practical technologies that can help fortify their defences.”
In 2023, 17% of API attacks involved bad bots exploiting business logic vulnerabilities. For hosting companies, such vulnerabilities can lead to unauthorised access to sensitive customer data or control over hosting resources, further emphasizing the need for reliable security protocols and regular audits of their systems. “BotGuard OÜ’s solutions are designed to address these exact challenges, enabling businesses to safeguard their digital assets. The technology is incredibly easy to use, making it accessible for businesses of all sizes,” the company said.
By participating in GITEX GLOBAL 2024, BotGuard OÜ aims to expand its reach in the Middle East, providing local businesses with the tools they need to combat cyber threats effectively. During the event, live demonstrations in Hall 25 stand H25-21 will showcase how their website protection can be set up within a minute. These demonstrations will highlight the efficiency and effectiveness of BotGuard’s solutions.