It's no fun being a telecom security specialist these days. Distributed denial of service (DDoS) and botnet attacks on service providers’ services, infrastructure and customers are more frequent and ferocious than ever. Even worse, cyber criminals have learned how to turn some of the very devices designed for telecom security into attack vectors, according to a recent global survey of service providers.
About half (49%) of service providers that operate data centers reported a firewall or intrusion prevention system (IPS) outage due to a DDoS attack. Those systems, which are designed to prevent unauthorized access by carefully inspecting every request, can easily be overwhelmed by even a moderately sized DDoS attack, said Carlos Morales, vice president of global sales engineering and consulting at Arbor Networks.
The transition to the next-generation protocols IPv6 and DNS Security Extensions (DNSSEC) may also open service providers to DDoS vulnerabilities. Both contain features intended to increase security, but these features also reduce how quickly devices can process requests, making those devices attractive targets for hackers looking to create bottlenecks, Morales said.
"Unfortunately, what we're seeing is [that] the threat-to-defense gap is really the widest it's been since the inception of DDoS, when there really were no defenses against it," he said. "There are certain pockets of operators that do a lot more and invest a lot more, but there are also pockets that are woefully behind."
Last year saw the first report of a 100 Gbps DDoS attack, more than a hundredfold increase in attack size from 2009, as reported by telecom security vendor Arbor Networks in its sixth annual Network Infrastructure Security Report. The dubious milestone marks a thousandfold increase in attack size since Arbor began the survey in 2005.
"How many networks really do have 100 Gbps of access? There are a select few … and [that capacity] is typically not in one place, so what we're talking about here is an attack that could take out 99% of the content in the world," Morales said.
Service providers must learn "to defend in a different way" in order to fight these new threats, Morales said. A local perspective on telecom security threats is deadly. Instead, telecom security specialists should adopt a broader perspective of the sources of attacks and the tools available to cyber criminals.