Telecommunication Security Use Cases – Security Boulevard

Attacks against telcos and internet service providers (ISPs) have steadily risen. Distributed denial of service (DDoS) attackers launched an 11-day attack against a Chinese telco in 2017, breaking the DDoS record that year. That same year, Kaspersky Lab reported a 20GB per second siege that lasted an hour, reflecting a new trend of long and extensive DDoS attacks. In early 2020, a DDoS attack took down 25 percent of the Iranian internet.

The Growing Telco Threat

Another growing mode of attack against telcos is the SIM swap scam, which allows hackers to take control of an individual’s mobile identity. Hackers have used it to drain millions from bank accounts and hijack the online personas of politicians and celebrities.[1] Because SIM swap scams mostly target telco subscribers, they often remain hard to detect until it is too late, or until victims find their bank accounts drained and social media accounts seized.

With the increase in attacks from multiple pathways, how can telcos effectively manage today’s risks while speeding up detection and mitigation of modern threats? Below are three practical use cases to defend against the three most common damaging cyberattacks:

1. Use Case: Detect Possible Distributed Denial of Service (DDoS) Attacks

DDoS attacks have become one of the most common attacks targeting the telco industry in recent years.[2] Detecting a DDoS attack early, before it overwhelms the capacity of connected devices, is critical, because once that occurs it quickly becomes more challenging to redirect the DDoS traffic or black hole route it. In this use case, we will detect an attacker that aims to launch a DDoS attack to crash an application or host, as well as any attempt to deny authentication services to subscribers.

LogRhythm’s out-of-the-box rule for detecting possible DDoS attacks gives telco security teams the capability to detect DDoS attempts early, before hosts or services become overwhelmed and unavailable. With a risk-based prioritization (RBP) value incorporated into LogRhythm’s alarm, security teams can also quickly prioritize and drill down on riskier threats in their IT or OT environment.

LogRhythm dashboard showing risk-based prioritization and a possible DDoS detected

Figure 1: RBP and summary on possible…