Locks and Security News: your weekly locks and security industry newsletter
13th October 2021 Issue no. 577
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Rising security concerns in the Telecom industry
The Telecom industry keeps the world connected. From private communications to business interactions, it is an intrinsic part of our daily lives, and we take many elements for granted. Be it via the phone, across the internet, over airwaves or cables, this sector makes it possible to communicate in rapid time anywhere around the world.
From satellite companies, internet providers, telephone corporations, the infrastructure behind these organizations makes it feasible for all our videos, audio and text to be sent around the globe. Which aids development in practically every industry.
'Telecom Service Revenue Worldwide Equates to 1,130bn euros' - Statista
In recent years, as technology has developed, our world has grown, and as the threat landscape has changed, cyber-attacks specifically against the telecom industry are soaring. Given that this industry controls a vast majority of complex and critical national infrastructure, the impact of a successful attack is not only significant, but extensive.
Our aim, in this blog, is to advise on the current risks and to highlight potential future threats concerning the telecommunication industry, and to explain how providers can use Threat Intelligence to help protect their digital environments and critical infrastructure from emerging cyber threats.
But protecting telecom infrastructure is far from easy. The industry understands that no threat can be tackled in isolation, and that threat actors will continue to exploit vulnerabilities in adopted technologies to achieve their goals.
Key Security Issues
Telco is often the first line of defence, and the majority of Governments, including the UK, uses critical national infrastructure such as British Telecommunication (BT). The problem is, when people think of Telco's, they often associate this with organisations such as Virgin Mobile or EE, these are not Telco's, these are mobile phone operators. BT is the landline that the majority of mobile phone operators pay a little bit to, because they are the ones controlling the pipes.
BT do their own cyber defence as well, as governments view that as the provider, BT is the one controlling the pipes going in, so they can also keep it clean and secure. BT runs these pipes, and these pipes travel under the sea, tunnelling under beaches, up through manholes, to provide internet to the masses. With each manhole, and each pipe there are multiple fibre entry points, all in need of continual security maintenance.
Telecommunication threat map and cyber risk systems are merging. The speed and storage capabilities required are endless. Telecom operators are transforming themselves from network companies to cloud service companies to improve efficiencies in business operations, to roll out new services and applications, and to store and distribute content.
As telecoms are often a gateway into multiple businesses, threats can either target a specific telecom company, its third-party providers, or the subscribers of a telecom service. These attacks come in a variety of forms. Below are some of the most common attack vectors.
One of the greatest challenges for Telco's and Internet Service Providers (ISPs) in the current climate, is how the Internet of Things (IoT) will impact the industry. IoT has skyrocketed in terms of its application with connected devices, creating more entry points in the process. Not all these points are patched properly, and they leave accounts for users, clients and companies exposed.
'47% of the most vulnerable devices are security cameras installed on home networks, followed by smart hubs (15%), like Google Home and Amazon Alexa, and network-attached storage devices (12%).' - GDPR PrivSec Report
While some attacks are vindictive, an issue within telecom is that many employees/insiders are completely unaware that they are a threat in the first place. Few within the industry receive training in cyber security measures. And with over 30% of people now working remotely, connections to unsecured networks are higher than ever.
'Empirical evidence of unsecured Wi-Fi risks is worrying - not only because many applications do not encrypt transmitted data but also because people continue to use the networks.' ( Factors Influencing Users to Use Unsecured Wi-Fi Networks: Evidence in the Wild. Nissy Sombatruang, Lucky Onwuzurike, Angela Sasse, Michelle Baddeley.)
Third parties, including vendors, partners, e-mail providers, service providers, web hosting, law firms, data management companies and subcontractors could easily be a backdoor into crucial infrastructure, for attackers to infiltrate. Maintaining the security of your company, and the security of the providers involved in the business, can be tricky. That's why managed security services are essential to monitor all elements of a given network.
DDoS, including advanced distributed reflection denial of service (DrDoS) using standard network protocols and botnets consisting of compromised mobile and IoT devices are prevalent. Clients of Telco's expect services to run seamlessly 24/7. Any interruption or outage that effects quality of service can result in great financial losses.
A recent example includes an attack on telecom operators in North America, who were 'reportedly hit by a Distributed Denial of Services Cyberattack in what is believed to be touted as the largest cyber-attack launched on the telecom operators of America to date. And reports are in that the attack caused cell phone network disruptions in states like Florida, Georgia, New York, Atlanta, Chicago, Miami, Fort Lauderdale, Los Angeles, California, and Houston Texas.' Reports Cyber Security Insiders.
Terrorism and State Actors
Via remote infiltration, bad actors can control physical elements that can influence critical infrastructure and manipulate outcomes. As well as acquire valuable intelligence on intellectual property, trade agreements and personal data.
These are just a handful of threats. There are many more vulnerabilities that telecommunication providers must look out for. Including...
- Services misconfiguration.
- Compromising subscriber's credentials or devices using social engineering, phishing, malware.
- Long-term espionage campaigns.
Some of these attacks are aimless and come from low-level criminals, but in many cases, telecom providers are often targeted by highly sophisticated threat groups. As a result, there is a good chance that many successful breaches of telecom infrastructure are never detected at all.
Safeguarding against threats, reducing the attack surface, and security systems of large, complicated, and multifaceted organisations is not a quick fix. Cost is also a contributing factor, as many organisations have limited resources, and are unable to secure their devices, systems, people, and processes internally.
This is what Managed Security Providers (MSP's) provide. With the right threat intelligence, telecommunication companies are able to enhance their business profile, make business decisions based off of accurate data, and empower their security team to quickly and accurately address cyber threats and mitigate them in rapid time.
Digital Risk and Threat Monitoring, can be used to harvest information available on the dark web, deep web and in the public domain, to provide superior security and visibility to identify and highlight attacks, detect breached material and safeguard data, people and processes against future threats within the industry.
Authors: Eleanor Barlow (Content Manager, SecurityHQ) and Amro Mohamed (Program Manager, SecurityHQ)
17th February 2021