DDoS Attacks Against CSPs: What You Need to Know
We’ve all seen the news stories detailing DDoS attacks against banks, consumer retailers and media publications.
However, 85 percent of communication service providers (CSPs) report that DDoS attacks against their organization are either increasing or maintaining their pace.
Ponemon Institute published a report in March 2019, “The State of DDoS Attacks Against Communication Service Providers,” sponsored by A10 Networks.
That report took a look at the threats faced by CSPs, and the data makes it clear they hunger for better intelligence to prevent DDoS attacks.
Here we’ll be discussing the report findings, including that:
- CSPs are vulnerable targets for DDoS attacks.
- Certain types of DDoS attacks against CSPs reign supreme.
- Current DDoS solutions aren’t cutting it.
- CSPs want more from their DDoS solutions.
CSPs Are Vulnerable Targets for DDoS Attacks
As mentioned, 85 percent of CSPs say that DDoS attacks against their organizations are either on the rise or are continuing their aggressive pace.
By contrast, a mere 15 percent reported that such attacks are decreasing.
Why are CSPs such prime targets for attackers?
The answer can be at least partially found in their inability to mitigate the damaging effects of DDoS attacks.
Specifically, only 39 percent of respondents said their organization is either effective or very effective at detecting DDoS attacks.
Even worse, just 34 percent said they’re effective or very effective at preventing DDoS attacks from happening in the first place.
Given that many organizations have subpar DDoS defense systems, though, that aspect is only part of the equation.
Another part may lie in money: 48 percent of the survey’s respondents say that attackers seeking financial gain pose the largest threat.
It’s easy to see why CSPs feel that way. A Neustar survey of 849 organizations found that DDoS attacks caused a collective average loss of over $2.5 million in just 12 months.
With many CSPs expecting to experience more DDoS attacks with time, that number can add up quickly.
Attackers seeking financial gain aren’t the only threats, though.
CSPs are also wary of attackers who are using DDoS attacks as a smokescreen to cover up other attacks (40 percent), as well as those who perform attacks under the guise of testing a company’s IT infrastructure (35 percent).
Certain Types of DDoS Attacks Against CSPs Reign Supreme
While there are various ways to launch a DDoS attack, CSPs say that most attackers stick to a formula.
That pattern can be boiled down to botnet and reflected amplification attacks directed at the network layer.
When discussing their perceptions of DDoS attacks, 51 percent of CSPs agreed that DDoS attacks are mostly conducted with botnet and reflected amplification sources.
As far as specific types of attacks, network-level attacks dominated with a 60 percent share, followed by volumetric flood attacks with 56 percent.
With that in mind, it’s not a surprise that most CSPs cite the network layer as the greatest security risk in their IT stack (34.72 percent), followed by the application layer (15.97 percent) and the device layer (13.89 percent).
Whether they’re in the network layer or another part of the IT stack entirely, however, all DDoS attacks have serious consequences.
When ranking consequences by severity, CSPs revealed that diminished productivity for both end users and IT staff takes the cake, with revenue loss close behind.
Current DDoS Solutions Aren’t Cutting It
Difficult problems call for smart solutions. That’s why it’s troubling to know that most of this report’s respondents don’t find their current threat intelligence to be adequate.
When asked to identify the problems with their current threat intelligence:
- Seventy percent of CSPs said that it’s too stale to be actionable.
- Sixty-two percent said that it’s often inaccurate and/or incomplete.
- Sixty percent said it doesn’t properly integrate with other security measures.
Other answers included high false positive rates, management difficulties and overly complex processes.
Knowing that CSPs’ threat intelligence is so problematic, it makes sense that 63 percent cite a lack of actionable intelligence as being the most critical barrier to preventing DDoS attacks.
Second place went to a lack of sufficient personnel and in-house expertise (58 percent), and third was claimed by inadequate or insufficient technologies (55 percent).
CSPs aren’t just struggling to prevent DDoS attacks, either. They’re also having trouble mitigating the ones that hit.
When asked to rate their organization’s ability to moderate the impact of DDoS attacks on a scale of one to 10, 36 percent fell right in the middle with a rating of five to six.
The smallest percentage — just 11 percent — gave themselves a perfect 10.
CSPs Want More from Their DDoS Solutions
The results of the report clearly show that DDoS solutions that offer actionable intelligence are some of the most desirable.
Asked to describe the technologies that are most effective for mitigating the impact of DDoS-related threats, 68 percent of CSPs named those with network and traffic intelligence.
After all, a Sandvine report found that more than 50 percent of internet traffic is now encrypted.
Further, 63 percent named technologies that can quickly detect and contain DDoS attacks, and 61 percent named technologies which secure endpoints including mobile-connected devices.
In terms of defensive capabilities:
- Seventy-seven percent of CSPs say that the ability to scale during times of peak demand is essential.
- Seventy-four percent prioritize the ability to integrate DDoS protection with cyber intelligence solutions.
- Seventy-two percent prioritize the ability to integrate analytics and automation, as well as the ability to reduce the number of false positives.
All in all, it’s clear that CSPs are enticing targets for DDoS attackers, whether they’re motivated by money or are simply covering up another attack.
Moving forward, it’s crucial that CSPs recognize the vulnerable position they’re in and take action accordingly.
Based on the results of this survey, CSPs need to seek out technologies that:
- Provide up-to-date, actionable threat intelligence.
- Detect and contain DDoS attacks in real-time.
- Secure endpoints, mobile-connected or otherwise.
In order to make the most of those technologies, though, CSPs also need to address their own shortcomings by providing IT personnel with comprehensive training, so they can tackle the threats they’ll face.
With a combination of innovative solutions and internal expertise, CSPs can not only mitigate the effects of DDoS attacks, they can also prevent them.
Learn more about A10 DDoS detection & mitigation products and about the current state of DDoS attacks for communication service providers.