Telcos Become Richer Hacking Targets

The shift of moving telecommunications networks toward more commercial networking equipment and systems also expanded their attack surface.

Alison Diana, Contributing Writer

May 21, 2020

5 Min Read

As telecommunications providers transition their network services infrastructures away from proprietary systems to commercial routers, switches, and servers, it also has opened them up to increased cybersecurity threats.

As a result, telco spending on cybersecurity will have a compound annual growth rate of 11.9% between 2018 and 2022, according to International Data Corp.'s (IDC) 2019 Worldwide Semiannual Security Spending Guide.

"Robust investment in key security solutions is due to myriad facets of security needs, including data loss and prevention, compliance and risk management, increasingly sophisticated cyber schemes, and digital transformation complexity," Karen Massey, research manager at IDC said in the report.

The telecommunications industry is under more frequent attack by actors such as China and North Korea, according to CrowdStrike's Global Threat Report 2020. Many attacks against telcos in 2019 used "publicly available tools" to tap into providers' networks for spying or other illicit means, according to CrowdStrike.

Fraud losses as a percent of global telecom revenue grew 37% to $28.3 billion in 2019, or 1.74% of total revenue, compared with $29.2 billion (1.27% of global telecom revenue), according to the Communications Fraud Control Association's (CFCA) 2019 Global Telecom Fraud Survey. Some of the top routes to fraud included private branch exchange (PBX) hacking, IP PBX hacking, and subscription fraud via applications. Criminals hacked into PBXes and IP PBXes, used phishing and pharming to illegally access network devices to commit fraud, and launched distributed denial-of-service (DDoS) that blocked users from their networks, CFCA's report says. 

Proprietary systems still run many tier-one telecommunications operators' crucial functions and often are viewed as more secure – in large part due to the highly customized nature of the coding and hardware. Historically, however, these systems have proven vulnerable as well. 

As far back as 1987, for example, hackers manipulated proprietary BellSouth databases to tamper with the former operator's billing and customer information, which was documented in Sandeep Gupta's book, Hacking in the Free World. Chinese hackers in 2012 reportedly broke into the former Nortel Networks' infrastructure.

But telcos are becoming an attractive stepping-stone to bigger targets. More recently, Cybereason's Nocturnus team last year discovered threat actors waging an advanced attack campaign against multiple global telecommunications providers using tools and styles often associated with Chinese-affiliated hackers. The attackers were after data belonging to specific, valuable targets (individuals and organizations), and ultimately resulted in hackers' takeover of some operators' networks.

"They would compromise the network, do a credential dump, scan the network, and hop from server to server," Amit Serper, senior director and head of security research for Cybereason Nocturnus told Dark Reading at the time. "Finally they were able to get domain admin credentials. They were then able to create their own accounts, some of which were domain admins themselves."

Changing of the Guard

Some telecommunications firms are moving away from proprietary technology faster than others. Many are adopting public and private cloud services – things like private cloud for hosting their network functions virtualization (NFV), and services that meld inhouse and third-party cloud capabilities so telcos then can offer it as a service to corporate customers. They also are using cloud-based services for telco-specific IT applications like Operations Support Systems (OSS) and Business Support Systems (BSS), plus regular email and Customer Relationship Management (CRM), Heavy Reading analyst James Crawshaw noted a blog post.

They're also deploying Intel-based servers, along with their own versions virtualization and SDN. Competitors AT&T and Verizon, for example, took alternate approaches to NFV, with AT&T forming a group behind its ECOMP architecture and Verizon joining the Open Network Automation Project (ONAP), which the Linux Foundation directs.

"Being open to the idea of using white boxes and open source technologies can bring superior performance, breakthrough economics, and game changing innovation at a much faster pace," says Ritesh Mukherjee, vice president of product management at 128 Technology, which develops a software-defined router solution. "Telcos have definitely realized this and are more open now than ever to embracing this trend. They have realized that if they are unable to meet customers' demands, they risk falling behind."

The number of industry and security standards can simplify the job of selecting the right security products and services for telcos, Mukherjee says. While some operators have created their own technology-oriented standards groups for things like NFV and SDN deployment, all adhere to codes including HIPAA for US healthcare and TIC 3.0 for Trusted Internet Connection guidelines.

"Telcos are increasingly disqualifying vendors that do not meet some security standards [like HIPAA & TIC].While this does not guarantee exemption from attacks, it does provide some peace of mind," Mukherjee says. Many are contracting out penetration testing of products, he says.

For its part, France's Kosc Telecom is automating everything in its network, says CEO Antoine Fournier. This is part of the wholesale telecom provider's Connectivity-as-a-Service offering, he says. Using automation makes sense financially – the network remains up because it proactively updates and repairs software, re-routes traffic when necessary and avoids upsetting customers' data traffic, says Fournier. Automation, he notes, also ensures its security solutions are up-to-date and immediately alerting teams if problems arise.  


Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register


Related Content:

About the Author(s)

Alison Diana

Contributing Writer

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An avid reader, swimmer and Yankees fan, Alison lives on Florida's Space Coast with her husband, daughter and two spoiled cats. Follow her on Twitter @Alisoncdiana or connect on LinkedIn.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights