Cyberattacks beginning to affect mobile service too, study says

Mobile Network Operators say they’re starting to see DDoS attacks affect their networks.

151012 cambodia telecom tower
Martyn Williams

Distributed Denial of Service (DDoS) attacks are beginning to show up as a cause of mobile phone outages, according to respondents of a survey.

The Spirent-commissioned report surveyed 54 global Mobile Network Operators (MNO), polling them on their experiences with outages and service degradations. It found that DDoS attacks showed up for the first time in this year’s report. For comparison, cyberattacks didn’t surface at all the last time researcher Heavy Reading conducted the survey for Spirent in 2013.

Spirent is a test and service management firm for MNOs.

Wireless phone networks have increasingly become all-IP, Spirent explains. Hence they’re open to the same kinds of problems as other networks—including cyberattacks. It’s a relatively new problem for the MNOs.

“The mobile communications ecosystem is an all-IP environment” now, Spirent says. That’s a change since the 2013 mobile network reliability report. Then it wasn’t all Internet-based.

Another change since the first report is that "network failures" have emerged “as the single most common cause of network outages.”

“Network failures are now the leading cause of mobile network outages, where physical link failures were the primary cause a couple of years ago,” Patrick Donegan, senior analyst with Heavy Reading, said in an e-mail briefing.

While the researchers include the radio access network, transport network and routing as being in the network failure category, and found those three to be the most problematic, Internet access is also in that category, as is the data part of the mobile core, data center networks and the applications for them. Those elements often had outages and degradations, too.

It’s due to “the increased volume and variety of complex protocol interactions in the mobile networks,” they reckon. The top spot two years ago was physical link failures. Those kinds of failures have been mitigated recently by fiber and better microwave creating redundancy, the study says.


Cyberattacks are now on the radar. A notable event that the report mentions was Croatia's T-Hrvatski Telekom’s most-of-the-day mobile service shut down in September 2015. T-Hrvatski is a subsidiary of Deutsche Telekom. That outage was due to a DDoS attack.

Ironically, while it may be that MNOs are starting to see attacks on their own networks, those MNOs may have funneled DDoS themselves.

A new kind of mobile phone DDoS attack, launched by hackers, from smartphone ads was reported in September 2015. That attack, using JavaScript, was discovered by content delivery network and security firm CloudFlare. It discovered a DDoS attack that was creating 4.5 billion requests a day, targeting a client.

The advertisements, deriving from mobile phones in China, churned out 275,000 HTTP requests per second, according to The Register, who wrote about the attack at the time. The recipient website was unnamed.

Taking longer

Cybersecurity aside, other outage findings in the report is that there’s been a higher incidence of outages, and that they’re taking longer to fix, compared with 2013.

The most trouble-prone MNOs had at least 15 incidents a year, the study reckons. And MNOs in general are seeing more "incidents taking 48 hours or more to fix,” Donegan says.

“These outages will only increase in severity and frequency as video traffic and IoT place massive demands on network capacity,” John Baker of Spirent added in the brief.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10