By Travis Volk, senior vice president of global service providers for Radware
Internet service providers (ISPs) continue to be a top target for hacktivists globally. Free, a major internet service provider in France, is one of the latest victims. According to recent reports, Free’s systems were breached and customer information, impacting possibly 19 million users, was stolen. Australian internet provider Tangerine suffered a 2024 cyberattack that resulted in the unauthorised disclosure of information of more than 200,000 customers. AT&T confirmed not one but two breaches so far in 2024, with one of the incidents affecting nearly all its approximately 110 million people.
As we look towards 2025, ISPs will continue to be high-value targets for cybercriminals and for good reason. They handle vast amounts of sensitive data and offer access to downstream customers.
After travelling across four continents to meet with 75 industry-leading ISPs, I’ve seen firsthand how quickly the cyber stakes are rising for them, especially if they lack adaptive protections and Layer 7 (L7) capabilities. As the threat landscape continues to be shaped by AI, ISPs must respond in kind by taking stronger security measures and embracing AI-driven cybersecurity solutions.
Emerging Risks in the Age of AI
According to Radware’s latest Global Threat Analysis Report, cyber attacks increased in frequency and volume during the first half of 2024. L7 Web DDoS attacks alone surged globally by 265% compared to the second half of 2023. In addition, the average DDoS volume per organization grew by 116% in the Americas, 293% in EMEA, and 302% in APAC compared to the same period in 2023. At the same time, human-like bots are employing sophisticated evasion techniques with greater tenacity and aggression.
What’s more, automation – particularly AI – is driving down the cost of attacks and dramatically escalating their speed and impact. It costs as little as $15 for a hacker to purchase an AI key on the dark web and initiate a large language model (LLM) assisted attack that takes only minutes to execute.
These dynamics are pushing attacks downstream and putting millions of SMBs directly into the line of fire, especially if they handle higher-value personally identifiable information (PII), where the average loss per incident (< than 1,000 records breached) is nearing $5 million. This is a cost that creates an existential threat to many businesses.
To complicate the matter, many ISPs have acquired an increasingly overmatched and disparate set of legacy protections from numerous third-party software and security providers to eliminate vulnerabilities and counteract attacks to their infrastructure, APIs, and applications. However, since many ISPs lack the ability to correlate events across their collection of protection tools, hackers are navigating these “blind spots” to increase their effectiveness, leaving ISPs at a significant disadvantage.
Perhaps more troubling is how threats continue to evolve. Multi-vector campaigns are targeting ISP weaknesses, often by using heavily randomized attack vectors that resemble legitimate transactions. And LLMs are playing a central role in increasing hackers’ penetration testing.
A study by the University of Illinois found that LLM agents can autonomously exploit real-world security vulnerabilities by reading a threat advisory. According to the researchers, the study focused on a “dataset of 15 one-day vulnerabilities that included ones categorized as critical severity in the CVE description.” “When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and Metasploit).”
Hackers, of course, begin their assault the moment a CVE is identified, but it often takes ISPs weeks or months to catch up. Investigations and remediation take place long after the hacker has succeeded simply because the ISP is unaware in the moment. In many instances, legacy systems simply lack the necessary raw compute resources to apply modern algorithms to detect, mitigate, and respond to these sophisticated, evolving threats.
In addition to automated vulnerability assessments, ISPs report that generative AI is enabling fraudsters to dramatically improve their social-engineering efforts. Increasingly realistic phishing attempts – continually tuned and refined by hackers – are leading to successful account take overs (ATOs) and fraud even in Zero Trust environments.
AI Payloads are Exponentially Greater
AI-driven attacks can lead to devastating consequences, such as ransomware-based disruptions of poorly secured public-safety communications or ATOs leading to losses and fraud. Many of these incidents are tied to web portals and API attacks where PII data is stolen.
PII, of course, amplifies the hacker’s effectiveness with social-engineering fraud. A growing number of bots are leveraging ISP networks and residential proxies to obscure their campaigns. They’re increasingly leveraging social platforms and search-oriented communication, which increase the complexity and cost of repairing the damage and preventing future occurrences. For instance, the well-known BlackMamba demonstration showed how attackers could exploit weaknesses in Microsoft Teams to execute malicious activities, including the deployment of malware, phishing attacks, and unauthorized data access.
From a regulatory perspective, these lapses represent a costly liability for ISPs. TracFone agreed to pay $16 million following three breaches from API exploits. For smaller businesses, fines like these could be devastating. According to a report by Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR), half of SMB’s have experienced cyber attacks and over 60% of those attacked go out of business.
How ISPs Can Respond
Based on my conversations with dozens of ISP leaders, I offer these five strategies to service providers that want to strengthen their cybersecurity posture in the age of AI:
- Be mentally prepared – Attack strategies are evolving at a blistering pace, and we must be mentally prepared to evolve alongside them. This requires a proactive mindset and a commitment to agility and rapid responses.
- Deploy layered protections – For better contextual security and scalability, it’s important to implement layers of protection that offer multiple defense mechanisms against a diverse range of threats.
- Add L7 defences – Modern enterprise applications demand L7 defenses to combat emerging Web DDoS attacks. Detecting these attacks requires decryption and deep inspection into the L7 traffic headers, which network-based DDoS protection solutions weren’t built to do. Standard on-prem or cloud-based WAFs fail to keep up with the scale and randomisation. And rate-limiting techniques have a major negative effect on legitimate traffic.
- Emphasise reliability and control – It’s a good strategy to add platform capabilities that enhance reliability and control and build on trusted systems while integrating advanced AI-driven security features.
- Look for platforms that address multiple market segments and risk tolerances – This ensures that security solutions are versatile and effective across different environments and enhance overall resilience.
In today’s rapidly evolving threat landscape, ISPs are contending with more disruptive and complex attacks, more emboldened hackers, and increasingly disadvantageous economics. With hackers preying on vulnerabilities and working a magnitude faster with the help of AI, it’s time to adopt a proactive, agile approach to resilience planning and rapid response. Securing our world from attacks in the future means we must be prepared to evolve alongside them.
