Experts spoke about the danger of cyber attacks for the telecom industry

In Russia, the number of carpet DDoS attacks against telecom has been growing throughout 2024, and this trend has continued in 2025, Mikhail Khlebunov, Servicepipe's product director, told Izvestia on February 26.

"According to the specialized Servicepipe laboratory, which studies DDoS attacks, in 2024 telecom accounted for a third of all DDoS attacks that hit Russian businesses. At the same time, attacks by politically motivated intruders prevailed. At the same time, the number of carpet attacks against the industry grew throughout 2024, and this trend continued in 2025. In January 2025, the number of "carpets" in relation to telecom increased by 60% compared to January 2024," he said.The expert noted that the attackers used the tactics of multi-vector carpet attacks, when malicious traffic goes to multiple IP addresses at once.

"So, in January 2025, when one of the telecom players was attacked, the carpet area was 3,300 IP addresses. At the same time, in individual attacks, the load on one IP address could be on the order of 1-3 Mbit/s, which is the usual amount of garbage traffic, which is plentiful on the Internet and which periodically "arrives" to a variety of players. At the same time, when the attack "carpet" goes to thousands of services at the same time, its total volume may exceed the capacity of the channel or network equipment. This, in the end, is the main goal of hacktivists — the unavailability of services," Khlebunov added.

Confuse the Networks: software failures at the end of the year were most frequently recorded in retail and logistics

Difficulties arise from the departure of software vendors and increased attacks, experts say

In turn, Evgeny Pudovkin, a technical expert at the Telecom Exchange IT integrator, also said that carpet DDoS attacks are a priori most dangerous for those players with a large number of IP addresses. He clarified that a targeted attack is usually aimed at the IP addresses of specific services.

"It is easy to detect it by statistical anomalies, when traffic to individual IP addresses has increased dramatically from 10 Mbit/s to 300 Mbit/s. If an attacked service is detected, the traffic can be immediately sent for cleanup. In a carpet attack, each IP address of the target's subnet receives a small amount of malicious traffic, while either all IP addresses or just a large number of them are attacked simultaneously," the expert noted.

Earlier, on February 21, it was reported that the average the duration of the cyberattack on Russian companies in 2024 was 51 minutes. This is 21% less than in 2023, according to data from Informzashita. Experts attributed this negative trend to the proliferation of stilers, the development of hacker service platforms, and the use of artificial intelligence by attackers.