- Wireline networks suffered the most DDoS attacks in 2H 2024, said Netscout – much more than wireless and other industries
- The Salt Typhoon telecom hack has mounted concerns about network security
- As telcos dabble with AI, so are hackers as automation makes it easier to breach networks
Wireline operators have bigger problems than just clunky legacy infrastructure – they’re also more vulnerable to cybercrime and hackers than their wireless counterparts, according to Netscout.
Indeed, wired carriers faced a whopping 524,445 DDoS attacks from July to December 2024, per Netscout’s latest Threat Intelligence report. That’s way more than the wireless industry, which recorded only 24,433 attacks.
Given how ubiquitous smartphones are, you’d think the numbers would be in reverse. But wired is still where most users are at in most parts of the world, said Richard Hummel, director of threat intelligence at Netscout.
“Naturally, DDoS attacks trend in favor of these networks,” he told Fierce. “Additionally, just because we categorize attacks as against Wired networks doesn’t mean they are always the end target, but they are the entity in the path of the attack.”
One notable exception to the rule is the APAC region, where wireless carriers “are a staunch rival” of wireline operators, Hummel noted. Think India, where telcos Bharti Airtel and Reliance Jio have primarily targeted the mobile segment of the country.
Of course, both wired and wireless networks face their fair share of network vulnerabilities. On the wireless side, the future of 5G application programming interfaces (APIs) will likely focus on security and fraud prevention applications, analysts told Fierce in December.
Salt Typhoon
The importance of network security – and resiliency – in telecom became a frontburner issue when U.S. operators last year fell victim to Salt Typhoon, which is believed to be the largest telecom hack in the nation’s history.
And the Salt Typhoon hackers are still going at it, with Wired reporting in February that they are exploiting Cisco routers to breach the networks of telcos and other organizations.
“I think there's just a general under-appreciation for how aggressive they are being in turning telecommunications networks into Swiss cheese,” Levi Gundert, researcher at cybersecurity firm Recorded Future, told Wired.
Telecom networks also serve as “test subjects” for attackers to refine new DDoS methods before they target other industries, noted a recent Zayo report. But that’s because these networks have a large attack surface area, featuring “varying complexities of infrastructure” and “multiple targets with multiple points of entry.”
Is AI to blame for increased DDoS attacks?
Amid all the hype surrounding AI, there’s also concern that the technology is making it easier for hackers to breach network security.
AI has become “integral” for DDoS-for-hire-platforms, said Hummel. Those are services that let users rent access to networks of compromised devices so they can execute attacks.
“Most prominent DDoS platforms in the underground have captcha-bypassing solutions, and all of them have automated nearly every aspect of launching an attack, from scanning and recon to scheduling and even automated tweaking of the attack during runtime,” he explained.
As you can imagine, automation makes it pretty easy for even a novice hacker to infiltrate a network.
These developments come as operators like AT&T, Comcast, Verizon and others are dabbling into AI to see if it can improve operations as well as maximize return on investment.
But as telcos do this, do they run the risk of making their networks more vulnerable to bad actors? “The short answer is maybe,” Hummel said, though he noted automation itself does not increase nor decrease cybersecurity risk.
Then again, when organizations use technology that’s not yet fully understood, risks come with the territory.
AI and automation are by design “accelerators of things,” he added, which in turn raise concerns around how safe it is actually to use the technology.
“Nevertheless, at some point, AI will become essential, if not mandatory, for effectively dealing with cyber threats,” Hummel concluded. “Security teams should embrace technological advances to help them defend better, smarter and faster.”