SecurityWeek

ENISA Report Outlines Incidents Causing Major Outages at Telcos

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, has released a new report outlining incidents that resulted in “major outages” at electronic communication networks or services in the EU during 2012.

The report provides an aggregated analysis of the 79 reported incidents of severe outages of electronic communication networks or services during the year.

According to the Annual Incident Reports 2012:

• 18 countries reported 79 “significant” incidents; nine countries reported no significant incidents.

• Most incidents affected mobile telephony or mobile Internet (about 50%).

• Incidents affecting mobile telephony or mobile Internet also affected most users (around 1.8 million users per incident).

• Incidents caused by overload, followed by those caused by power failures, had the most impact in terms of number of users affected multiplied by duration.

• For most incident reports, as well as for the four services (fixed and mobile telephony, and fixed and mobile Internet), the root cause was “System failures” (75%).

• Hardware failures were the most common cause of “System failures”, followed by software bugs.

• Switches were the most frequent point of failure (e.g. routers and local exchange points), followed by mobile network home location registers.

• Incidents with the root cause “third party failure”, mostly power supply failures, affected around 2.8 million user connections per incident on average.

• Incidents involving overload affected around 9.4 million user connections per incident on average.

• Incidents caused by natural phenomena (mainly storms and heavy snowfall) lasted the longest: on average around 36 hours.

Some interesting incidents pulled from the report include:

Overload caused VoIP outage – In the shift from a temporary to a permanent network solution, voice over IP service was disrupted for 400,000 users after the platform became overloaded as a result of too many simultaneous registrations of customer devices.

Faulty upgrade halted IP-based traffic – An upgrade in a core router went wrong, dropping all IP-based traffic for the provider and causing many services to go down, including the emergency number 112. This incident led to an outage of 17 hours affecting 3 million users.

DDoS attacks on DNS affected mobile Internet – A series of DDoS attacks targeted a provider’s domain name service. Up to 2.5 million mobile Internet users were affected for 1-2 hours. The attacking IP addresses were tracked and blocked, the load balancing units were restarted, and the traffic could be recovered. As post-incident actions, additional DNS servers were installed, configuration changes were made on firewalls, and hardware was expanded to withstand similar attacks.

“Reporting major incidents helps us understand what went wrong, why, and how to prevent similar incidents from happening again,” ENISA Executive Director Professor Udo Helmbrecht said in a statement.

The full report can be downloaded here. ENISA’s 2013 report is expected to be published in the spring of 2014. 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
