Lumen: DDOS attacks on the rise with telcos accounting for 76% in 1Q-2022

Telecommunications companies continued to be key targets for distributed denial of service (DDoS) attacks in Q1 2022, as the number of attacks jumped 32% year on year, according to a new Lumen report. Of the top 500 largest attacks, the telecom industry accounted for a whopping 76%. That compares to just 9% of the biggest attacks in Q1 2021.

The telecom industry fielded 1,487 attacks in the 1st quarter of 2022, according to Lumen’s Quarterly DDoS Report. The largest bandwidth attack hit 775 Gbps and the largest packet-based threat reached 70 Mpps. Lumen said the former was the largest bandwidth attack ever to come through its scrubbing center. The longest attack lasted for four days, and just over two-thirds of incidents were multi-vector attacks.

Key Findings:

  • The number of DDoS attacks that Lumen scrubbed in Q1 2022 increased by 66% compared to Q4 2021, and by 32% compared to Q1 2021.
  • Of the 500 largest attacks in Q1, 97% targeted the Telecommunications, Gaming, Software and Technology, Hosting, and Government verticals.
  • Lumen protected one organization from more than 1,300 DDoS attacks – more than 20% of the total number of attacks scrubbed during the entire quarter.
  • The same organization accounted for the largest bandwidth attack that has ever passed through Lumen’s scrubbing centers at 775 Gbps.

“Our first-quarter data shows just how important it is for businesses to maintain solid cyber defense strategies,” said Beth Kohler, senior director of Security Product Management for Lumen. “Anyone can be the target of a large attack at any time. Even a few minutes of downtime can cause serious damage to a company’s operations, revenue and reputation. Because the highly targeted customer uses Lumen’s Always-On DDoS Mitigation Service with Rapid Threat Defense, many attacks are blocked before they can do any damage. We can only imagine the harm these criminals could have caused to our customer (and their customers) had these attacks succeeded.”

Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs, told Fierce the growing size of both the bandwidth and packet attacks is significant because such threats affect the network in different ways.

“Bandwidth per second can just overwhelm and flood a particular link or connection, especially if done in a certain way, such that nothing else can make it through that pipe,” he explained. “Instead of saturating the actual bandwidth that can be transmitted through the pipe, with packets per second you can overwhelm the gear that’s doing the processing itself.”

That includes things like CPUs and routers and other equipment tasked with helping maintain a firewall, Dehus said.  “So, the continued growth we’re seeing on both fronts is alarming and concerning,” he added.

Other Findings:

  • The largest packet rate-based attack scrubbed in Q1 was 127 Mpps, which was more than double what Lumen mitigated in Q4.
  • The longest DDoS attack period Lumen mitigated for an individual customer in Q1 2022 lasted five days.
  • Thirty two percent of all DDoS mitigations were single-vector, TCP SYN flooding attacks. This indicates that many actors are still relying on simple, tried-and-true attack methods.
  • Multi-vector attacks seem to be the tactic of choice for the gaming and telecommunications sectors represented 38% of all DDoS mitigations.

References:

https://ir.lumen.com/news/news-details/2022/Lumen-mitigated-DDoS-attacks-that-targeted-a-single-company-more-than-1300-times/default.aspx

https://tinyurl.com/Q1DDoSReport

https://www.fiercetelecom.com/telecom/single-telecom-accounted-20-ddos-attacks-q1-lumen-finds

https://www.fiercetelecom.com/telecom/lumen-finds-a-third-largest-ddos-attacks-q3-targeted-telecoms