Telecoms companies, their core infrastructure and the large volumes of personal data they hold on subscribers all represent an attractive target for malicious actors. Telecoms have suffered more attacks than any other sector surveyed: telecoms organisations admitted to having faced four attacks on average over the last twelve months, according to EfficientIP's latest report on cyber security in the global telecoms industry.
Top five security threats for Telecoms organisations are: DDoS (42%), Malware (36%), DNS Tunnelling (31%), Cache Poisoning (28%) and Zero-Day Exploits (20%). Telecoms organisations face the most DNS-based attacks, and each attack costs companies an average of £460,000 to remediate. DNS-based attacks cost organisations globally £1.7 million on average every year across several industries.
India is also seeing an increasing number of attacks in the telecom sector. The country's largest telecom network, BSNL, faced a botnet attack which affected the information built into modems used for BSNL's broadband services across the country. Over 2,000 customers were affected, with many facing issues with their broadband connectivity for over three days. The malware attacked internal modems in the National Internet Backbone of BSNL.
Similarly, MTNL connectivity issues arose due to a malware attack. For over three days, both BSNL and MTNL networks were down across states in India, and the offices of BSNL and MTNL were flooded with complaints.
The personal data of over 100 million customers was compromised when Reliance Jio suffered a major data breach. The data had leaked onto a website in what analysts said could be the first ever large-scale breach at an Indian telecom operator. This sensitive data is a compelling target for cyber-criminals or insiders looking to blackmail customers, conduct identity theft, steal money or launch further attacks.
Government agencies are increasingly attacking telecom operators’ infrastructure and applications to establish covert surveillance under the umbrella of security requirements. These sophisticated actors typically use very advanced persistent threats (APT) that can operate undetected for long periods of time. Communication channels targeted for covert surveillance include everything from phone lines and online chat to mobile phone data. Such attacks are also used by adversary nation-states. There have even been cases where one nation’s cyber-attack prevented another nation’s leaders from communicating on their mobile devices.
Telecommunication Networks Vulnerability
Telecommunication networks are transmission systems enabling information to be transmitted in analogue or digital form between various different sites by means of electromagnetic or optical signals. The information may consist of audio or video data or some other type of data. The networks are based either on wired or wireless infrastructures. Typical examples of telecommunication networks are the telephone landline network, the mobile network, cable TV networks or the internet.
Telecommunication networks, from a global point of view, present a convergence of several technologies (PSTN, 2G, 3G and 4G) with vital network components: the access network, core network, application and management network, and internal and external networks.
PSTN infrastructure is made up of digital switches, cables such as coaxial, surface and submarine optic fibre cables for long-distance transmission, terrestrial microwave and communication satellite links.
One vulnerability is the telecommunications supply chain, which comprises control-layer equipment such as computer hardware, software and middleware. The fact that much of this equipment is manufactured in different parts of the world has made possible the insertion of hardware Trojans into it, which can be programmed to leak data or carry out more malicious actions.
Telecoms companies face particular cyber security concerns as a result of their interconnected nature and the reliance upon international standards in their operations. For example, mobile telecommunications providers rely upon the Signalling System 7 (SS7) protocol, the standard by which telecoms companies interoperate globally to facilitate roaming and delivery of calls and texts.
SS7 dates back to the 1970s and has been found to contain vulnerabilities that allow calls, texts and location information on handsets to be spied upon by anyone knowing only a subscriber's phone number. It also allows calls, texts and other content to be diverted away from a legitimate subscriber's handset to that of an attacker. For example, these vulnerabilities have recently been exploited in Germany by hackers to drain bank accounts by intercepting two-factor authentication SMS messages.
Internet routers – both routers used in the backbone of the Internet and end user (consumer) routers – have also been targets of cyber-attacks. Backbone routers process the data of multiple organisations simultaneously; in targeting these routers the hackers hope to compromise many organisations at once.
One critical threat unique to the telecommunications sector is attacks on leased infrastructure equipment, such as home routers from Internet Service Providers (ISPs). Once the equipment has been compromised, hackers can use it to steal data, launch other attacks anonymously, store exfiltrated data, or access expensive services such as international phone calls.
One mounting technology concern among operators is Internet route hijacking, also known as IP hijacking, an exploit in which adversaries corrupt Internet routing tables to 'hijack' packets of data. BGP (Border Gateway Protocol), which backbone routers use to control the routing of traffic on the internet, has known issues that have been exploited to redirect traffic to bad actors. Home routers, too, often those provided to customers by ISPs, have been an attractive target for hackers.
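As an added illustration of the route-hijacking concern above (example code, not from the article or any vendor), the check below compares BGP announcements against the prefixes an operator owns and flags the two classic hijack shapes: an announcement with the wrong origin AS, and an unexpected more-specific prefix that would win best-path selection. All ASNs, prefixes and updates are constructed sample values.

```python
"""Flag BGP announcements that look like hijacks of prefixes we own:
(1) our prefix (or a more-specific of it) originated by an unauthorised AS;
(2) a more-specific of our prefix from anyone, since the longer prefix wins
best-path selection and pulls traffic away. All values are constructed."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Update:
    prefix: str      # announced prefix, e.g. "203.0.113.0/24"
    origin_asn: int  # last AS in the AS_PATH (the originator)
    as_path: tuple   # full AS_PATH as received, first hop first

# Prefixes we operate, mapped to the ASN authorised to originate them (constructed).
OWNED = {
    ipaddress.ip_network("203.0.113.0/24"): 64500,
    ipaddress.ip_network("2001:db8::/32"): 64500,
}

def classify(update: Update) -> str:
    """Return 'ok', 'wrong-origin', 'more-specific' or 'unrelated'."""
    net = ipaddress.ip_network(update.prefix, strict=False)
    for owned, asn in OWNED.items():
        if net.version != owned.version or not net.subnet_of(owned):
            continue
        if update.origin_asn != asn:
            return "wrong-origin"
        if net.prefixlen > owned.prefixlen:
            return "more-specific"   # may be our own traffic engineering; review it
        return "ok"
    return "unrelated"

def suspicious(updates):
    """Reduce a stream of updates to those worth alerting on."""
    return [(u, classify(u)) for u in updates
            if classify(u) in ("wrong-origin", "more-specific")]

# Constructed sample feed: legitimate announcement, origin hijack,
# more-specific hijack, unrelated prefix.
SAMPLE = [
    Update("203.0.113.0/24", 64500, (64501, 64500)),
    Update("203.0.113.0/24", 64666, (64502, 64666)),
    Update("203.0.113.128/25", 64500, (64503, 64500)),
    Update("198.51.100.0/24", 64510, (64510,)),
]

if __name__ == "__main__":
    for u, verdict in suspicious(SAMPLE):
        print(f"ALERT {verdict}: {u.prefix} via AS{u.origin_asn} path {u.as_path}")
```

In practice the feed would come from a route collector or the operator's own peering sessions; the classification logic is the same.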
The Mirai worm affected 100,000 UK Post Office broadband customers and 900,000 customers of Telecom, and was used to mount a distributed denial-of-service (DDoS) attack against core internet infrastructure provided by Dyn, which in turn resulted in outages across Twitter, Spotify, Netflix, Paypal and other services. The worm also disabled some subscribers’ routers permanently (so-called “bricking”) meaning they had to be physically replaced.
Another front-burner issue for telecoms organisations is the proliferating risk of intrusions via mobile devices, whose ubiquity has compounded a number of security risks.
Telecom service providers maintain large repositories of personal data and sensitive information. They are constantly under threat and vulnerable to hacking, which has forced government bodies to create regulations regarding user data protection. Telecom players are always on the lookout for third-party organisations and state-of-the-art security frameworks.
Telecom is one of the sectors which is constantly introducing newer technology. Every year, the market gets flooded with advanced handsets. There is also mushrooming of companies in the app space. Meanwhile, companies continue to rely on certain legacy systems and technology as well, thus creating gaps. “It is through these gaps that hacks can occur,” Mohan says. “For example, though many in the urban areas use 4G networks, in rural areas, 2G is still prevalent.”
Today telecom organisations, particularly large global operators, are recasting themselves as technology companies. They are, for instance, creating mobile applications for use of VoIP calls and storing data on cloud services. Combined, mobility and cloud computing create new frontiers of risks for operators that will expose them to many of the same security risks that tech companies must dodge.
The transition to next-generation protocols IPv6 and DNS Security Extensions (DNSSEC) may also open service providers to DDoS vulnerabilities. Both contain features intended to increase security, but these features also slow down how quickly devices can process requests, making them attractive targets for hackers to create bottlenecks, said Carlos Morales, vice president of global sales engineering and consulting at Arbor Networks.
Another impact is the explosive growth of the Internet of Things (IoT), which is generating billions and trillions of new data sources; this growth is expected to push the data handled by networks to zettabytes per year. However, billions of IoT devices also present a huge vulnerability in themselves because of their weak security implementations.
Security of the networks has become a major priority for telcos, and they are facing challenges with the emergence of new threats powered by new technologies. A number of operational and technical innovations are therefore needed to meet customer expectations of complete system security from the network down to the device level.
Many of these attacks present a unique challenge as protocols such as SS7 and BGP are defined by international standards and so require international cooperation to resolve the vulnerabilities.
Today’s cyber adversaries are constantly sharpening and evolving their capabilities to exploit new vulnerabilities. Addressing these threats will require that telecoms operators approach activities and investments with comprehensive, up-to-the-minute knowledge about information assets, ecosystem threats, and vulnerabilities.
Another new approach is sharing information with others to improve security and gain intelligence on current threats. Among telecom respondents, 54% said they collaborate with others – including competitors – to improve security and reduce the potential for risks. Among them is Verizon Communications.
It’s imperative that operators implement policies that form the basics of cloud security, including data encryption, protection of business-critical data, ensuring that service providers adhere to security standards, and regulations regarding where data can be stored, among others. They should also require that third-party cloud providers agree to follow security practices.
Technology safeguards, of course, are another foundational element to secure telecoms ecosystems against today's evolving threats. Operators are deploying solutions that augment threat detection and intelligence capabilities. Specifically, we've seen operators increase use of technology safeguards like intrusion-detection tools, asset-management tools, protection and detection solutions, patch-management tools, centralised user data storage, and more.
A local perspective on telecom security threats is deadly. Instead, telecom security specialists should adopt a broader perspective of the sources of attacks and the tools available to cyber criminals. Stateful firewalls and IPS are poor DDoS barriers, Morales said. Intelligent DDoS mitigation systems can provide more protection. Other best practices include the use of access control lists (ACLs) on hardware-based routers, flow specification, source- and destination-based remote-triggered blackhole lists, server hardening and unicast reverse path forwarding (uRPF), he said. Although recent cyber-attacks have shown how crucial patching is to avoiding easy exploits, telecoms had applied only an average of four of the 11 critical patches recommended by ISC in 2016.
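Two of the edge-router controls listed above, unicast reverse path forwarding and a source-based remote-triggered blackhole list, modelled over a small constructed routing table so the drop decisions can be traced by hand. This is an added example, not code from the article or from any router vendor; the FIB, interface names and addresses are made up, and it also shows loose-mode uRPF, the variant operators use on upstream ports where strict mode would discard legitimate asymmetric traffic.

```python
"""Model strict/loose uRPF and a source-based RTBH list on an edge router.
The FIB, interface names and addresses below are constructed for the example."""
import ipaddress

# Constructed FIB: prefix -> egress interface used to reach it.
FIB = {
    ipaddress.ip_network("203.0.113.0/24"): "ge-0/0/0",   # customer A port
    ipaddress.ip_network("198.51.100.0/24"): "ge-0/0/1",  # customer B port
    ipaddress.ip_network("0.0.0.0/0"): "xe-1/0/0",        # upstream default
}
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Source-based RTBH: sources the operator has chosen to discard (constructed).
BLACKHOLE = {ipaddress.ip_network("192.0.2.0/24")}

def best_route(src):
    """Longest-prefix match; returns (prefix, egress interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [n for n in FIB if addr in n]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return best, FIB[best]

def urpf_ok(src, ingress, mode="strict"):
    """strict: the route back to src must leave via the ingress interface, so a
    customer port cannot emit packets claiming another network's source address.
    loose: any non-default route to src suffices; used on upstream ports where
    routing is asymmetric and strict mode would drop legitimate traffic."""
    route = best_route(src)
    if route is None or route[0] == DEFAULT:
        return False
    return route[1] == ingress if mode == "strict" else True

def filter_packet(src, ingress, mode="strict"):
    """Return 'drop-blackhole', 'drop-urpf' or 'forward' for one packet."""
    if any(ipaddress.ip_address(src) in n for n in BLACKHOLE):
        return "drop-blackhole"
    if not urpf_ok(src, ingress, mode):
        return "drop-urpf"
    return "forward"

def tally(flows, mode="strict"):
    """Summarise verdicts over (src, ingress) pairs, e.g. sampled flow records."""
    counts = {}
    for src, ingress in flows:
        verdict = filter_packet(src, ingress, mode)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts
```

A spike in the `drop-urpf` count on a customer port is the signal that a host behind it is emitting spoofed-source traffic, which is how reflection DDoS attacks are launched.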