The danger facing critical infrastructure from DDoS attacks targeting telecoms networks

DDoS attacks

Distributed Denial of Service (DDoS) attacks are an established and now-typical part of the cybersecurity landscape. But since their first arrival on the scene over 25 years ago, the core of the average DDoS attack hasn’t really changed. Sure, there have been advancements in technology, but the attacks still serve the same purpose as they did during that very first attack on a commercial internet provider: bringing their victims offline.

The way in which an attacker can do this using DDoS has changed over time, with a movement towards more targeted attacks that allow specific websites or servers to be attacked rather than the entire network having to be taken offline. DDoS attacks have also become far more popular and commonplace as they’ve become easier and more accessible to carry out. They’ve even become a market of their own, with some threat actors offering them as a service online.

Despite all of these developments suggesting a move to a more personal attack motive behind modern-day DDoS, the most targeted sector for DDoS attacks in 2023 was the telecoms sector, according to research published this year. This is due to the increasing reliance of critical infrastructure on the telecoms sector and Internet Service Providers (ISPs). As we’ve seen digital transformation sweep the globe, many critical functions are now wholly reliant on network providers. Any threat actors wanting to target critical network infrastructure now only have to target the telecoms provider underpinning it.

How AI Enables Cyber/DDoS Attacks

While DDoS attacks may not have changed much, the landscape around them certainly has, and with the proliferation of AI across pretty much every industry on the planet, it’s no surprise that cyberattacks have also received an AI upgrade. AI has moved so fast that the UK’s National Cyber Security Centre (NCSC) released a report this year to warn organizations of the risks posed by AI adoption to cybersecurity defenses.

AI-driven techniques are helping threat actors attack even the most sophisticated cybersecurity programs. Machine learning (ML) algorithms are being used to more effectively identify vulnerabilities, predict patterns and exploit weaknesses, far faster than any human could. The automation of these processes also allows attackers to gain tactical advantages over traditional cybersecurity methods by deploying DDoS attacks instantaneously. Once inside the system, AI-enabled DDoS attacks can also now adapt and evolve in real-time to bypass any countermeasures deployed against them.

This does sound fairly doom and gloom for cybersecurity systems, but while attackers can benefit from AI support, so can those defending against AI-enabled DDoS attacks. In fact, earlier this year, research showed that nearly 50 percent of enterprises are already using a combination of AI and ML tools to improve their cybersecurity, with 92 percent intending to adopt these kinds of tools in the future. AI in particular can be used to identify and combat security threats that are becoming harder to spot manually, from DDoS attacks to zero-day exploits and polymorphic malware. These tools are perhaps most useful in a supportive role, automating the more mundane tasks and freeing up time for security professionals.

Reliance of CNI On Internet Service Providers As An Integral Piece Of The Puzzle

So, we’ve established how attackers and cybersecurity professionals can both benefit from the use of AI, but why are ISPs being targeted by DDoS threats so extensively?

Blame digital transformation. Many countries across the globe are in the process of overhauling, or have already overhauled, governmental services by integrating new technologies, digitizing records, and so forth. By developing new iterations of public services, governments can offer improved accessibility and reliability for citizens. But this is a double-edged sword, as the government and utilities sectors are now reliant on the connectivity provided by ISPs. If an attacker wanted to target a piece of critical infrastructure, they would now have the option to just target the networks underpinning it.

This development has even led to ISPs becoming classified as part of the critical network infrastructure in the UK, because any loss or compromise of service could cause large-scale loss of life or a serious impact on the national economy. The European Union’s NIS2 Directive also goes as far as to label digital infrastructure as an essential entity that will now require higher levels of cybersecurity under this new legislation.

What’s happening now?

It seems like a bad time to be an ISP serving CNI, but it’s key to remember that while DDoS attacks are getting an AI boost, so are ISP defenses. The cadence of DDoS attacks is also a consideration here: attacks on CNI tend to have geo-political motives and, as such, have natural peaks and troughs over time, so ISPs won’t be facing a constant influx of attacks.

The importance lies with ISPs utilizing AI-enabled cybersecurity defenses to protect themselves from DDoS attacks. Simply put, protecting critical infrastructure organizations from increasing levels of threats requires collaboration between security specialists and ISPs to safeguard these essential public services.


Donny Chong is director at Nexusguard.
