The telecommunications sector has long been a high-value target for cyber criminals. The communications industry saw a 51% rise in the number of attacks in 2021, making it the third most vulnerable sector. Telecom infrastructure is used to transmit and store large amounts of sensitive information, which makes it a lucrative target for bad actors.
The telecom industry is particularly vulnerable to cyber-attacks. The widespread adoption of telecommunications infrastructure makes the industry a lucrative target for cyber criminals. After all, a successful attack on the telecommunications network can potentially expose the information of millions of customers.
Why is the telecommunication sector vulnerable to attacks?
Both telecommunications threats and cyber risks for the telecom industry are increasing. The major reasons why the telecommunications sector is a lucrative target for cyber-attacks are listed below.
- Interconnected networks: The telecom industry has interconnected networks. There is also tons of customer data and sensitive information. The combination of these two factors means that cyber criminals can cause maximum damage through minimum effort. Due to the interconnected networks, an infiltration can potentially open doors to information on various connected systems.
- Legacy technology: The telecommunications sector still uses legacy technology which makes it vulnerable to IP-based threats. Even though digital transformation and advanced technology solutions are available, the adoption and transition from legacy systems is slow, leaving companies with vulnerable old-school systems.
- Sensitive information: Telecom providers store a lot of information, including financial information such as credit card details, social security numbers, contact details, etc., which is particularly useful for bad actors to sell on the dark web.
- Increasing threat surface: The threat surface continues to increase as we move towards advanced technology such as 5G.
- Lack of awareness: Lack of technical knowledge and awareness within the team is one of the major challenges. Poor password hygiene and data sharing often invite risks that could easily be avoided through proper education.
Cyber criminals aim to launch attacks on the telecommunications sector because the rewards for such a data breach are high. A successful data breach can give hackers access to data on millions of customers. The valuable information is sold on the dark web, or the hackers can demand a ransom in exchange for not making the information public.
What are the main threats to the telecommunications sector?
Insider threats are one of the major risks for the telecom industry. There are two aspects to it – vindictive behavior by someone on the inside and lack of awareness about the risks involved with their actions. Cyber threats have increased now with the influx of remote work models and connections to unsecured networks. Phishing remains one of the top concerns where cyber criminals send malicious links through emails or messages.
Supply chain risks
The telecom sector deals with multiple third-party entities such as vendors, web hosting services, data management services, managed service providers, partners, etc. If the cybersecurity maturity levels of these third-party vendors are weak, it gives hackers a backdoor entry into the telecom network. All they need is a weak link in the supply chain to cause severe damage.
Internet of Things
Internet of Things (IoT) adoption has been on the rise over recent years. With an increasing number of devices connected to the network, the threat surface is increasing, too. A high number of endpoints, many of which are not adequately secured, makes IoT adoption a major risk. Some of the major risks associated with IoT include system vulnerabilities and weak passwords.
Distributed Denial of Service (DDoS)
In the telecom sector, uninterrupted service is paramount. DDoS attacks, which aim to disrupt services, can impact millions of consumers, cause a shutdown of business operations, and result in significant financial losses. DDoS attacks targeting telecom providers have increased, and in the first quarter of 2021, most DDoS attacks were targeted toward the telecom sector.
Telecom networks are increasingly using cloud computing to support their operations. While a cloud network is considered more secure than on-premise infrastructure, it is not completely invincible and comes with its own security concerns. A successful attack on the cloud network can impact multiple virtual machines at the same time, posing a severe risk.
In 2019, even before the pandemic hit, 83% of telecom and media companies had experienced a DNS attack. DNS attacks are expensive, with some affected companies losing about $5 million per attack.
SS7 and Diameter signaling threats
The SS7 and Diameter protocols used by several telecom companies are vulnerable. Cyber criminals who can obtain two-factor authentication codes through phishing or other means can gain access to user accounts and steal information. Even though this vulnerability can be managed through the implementation of the right controls, some companies fail to do so, leaving their systems susceptible to a breach.
Which are the existing/recent threats to the telecom sector?
Understanding the existing vulnerabilities and threats in the telecom sector can help companies have a stronger cybersecurity strategy. Below are the major threats and vulnerabilities that have had the most impact on the telecom industry. These are the major attack vectors that you need to be aware of.
Vermilion Strike is a threat that impacts Linux and Windows systems, and the telecom industry is particularly vulnerable to it. The Linux malware is completely undetected by vendors, and it grants the hackers remote access to upload files, write to files, and run shell scripts. Vermilion Strike is used in targeted attacks rather than mass attacks.
ShellClient is a RAT (Remote Access Trojan) that can steal sensitive information from compromised devices. This malware has been active since 2018, and aerospace and telecom companies are the most vulnerable to it.
As recently as March 2022, German telecom company T-Mobile was repeatedly attacked by a cybercrime group called LAPSUS$. The group is notorious for carrying out data breaches and then demanding a ransom. T-Mobile was only one of their victims, and the group leaked huge volumes of data from other corporations, too.
Evil Corp and Macaw
Evil Corp, a hacker group, has been involved in cybercrimes since 2007. The group was sanctioned by the US government in 2019 owing to their criminal activities. In October 2021, they used ransomware called MacawLocker to disrupt the operations at Olympus and Sinclair Broadcast Group. It is rumored that about $68 million was demanded as ransom for both attacks combined.
LightBasin is a hacker group that has been active since 2016 and was discovered as a threat in 2021. The group has already attacked 13 global telecom companies. Their modus operandi includes abusing unique protocols used by telecoms to steal sensitive information. They mainly target Linux and Solaris servers. The 13 attacks they have carried out were to gain access to subscriber information and call metadata.
While this article discusses the current cybersecurity landscape for the telecom industry, this landscape will continue to evolve. The risks and threats will increase both due to organizational changes and cyber criminals launching more sophisticated attacks.
To effectively fight against cyber-attacks, telecom companies need to build strong cybersecurity strategies that include employee awareness and the right technology. Automated workflows, continuous incident monitoring, and effective risk assessment and management programs are all instrumental in having a secure environment in the telecom sector.