Dark Reading is part of the Informa Tech Division of Informa PLC
04:00 PM
Telcos Become Richer Hacking Targets

Moving telecommunications networks onto commercial networking equipment and systems has also expanded their attack surface.

As telecommunications providers transition their network services infrastructures away from proprietary systems to commercial routers, switches, and servers, they are also opening themselves up to increased cybersecurity threats.

Telco spending on cybersecurity is projected to grow at a compound annual growth rate of 11.9% between 2018 and 2022, according to International Data Corp.'s (IDC) 2019 Worldwide Semiannual Security Spending Guide.

"Robust investment in key security solutions is due to myriad facets of security needs, including data loss and prevention, compliance and risk management, increasingly sophisticated cyber schemes, and digital transformation complexity," Karen Massey, research manager at IDC, said in the report.

The telecommunications industry is under more frequent attack by state actors such as China and North Korea, according to CrowdStrike's Global Threat Report 2020. Many attacks against telcos in 2019 used "publicly available tools" to get into providers' networks for espionage or other illicit purposes, CrowdStrike says.

Fraud losses reached $28.3 billion in 2019, or 1.74% of global telecom revenue, according to the Communications Fraud Control Association's (CFCA) 2019 Global Telecom Fraud Survey. Measured as a share of revenue, that is a 37% increase over the previous survey, which put losses at $29.2 billion, or 1.27% of global telecom revenue. Some of the top routes to fraud included private branch exchange (PBX) hacking, IP PBX hacking, and subscription fraud via applications. Criminals broke into PBXes and IP PBXes, used phishing and pharming to gain illegal access to network devices and commit fraud, and launched distributed denial-of-service (DDoS) attacks that blocked users from their networks, CFCA's report says.

Proprietary systems still run many crucial functions at tier-one telecommunications operators and often are viewed as more secure, largely because their highly customized code and hardware are unfamiliar to attackers. Historically, however, that obscurity has not kept these systems from being compromised.

As far back as 1987, for example, hackers manipulated proprietary BellSouth databases to tamper with the former operator's billing and customer information, an intrusion documented in Sandeep Gupta's book Hacking in the Free World. In 2012, Chinese hackers were reported to have broken into the infrastructure of the former Nortel Networks.

Telcos are also becoming an attractive stepping-stone to bigger targets. Last year, Cybereason's Nocturnus team discovered an advanced attack campaign against multiple global telecommunications providers that used tools and techniques often associated with Chinese-affiliated hackers. The attackers were after data belonging to specific, high-value individuals and organizations, and the campaign ultimately gave them control of some operators' networks.

"They would compromise the network, do a credential dump, scan the network, and hop from server to server," Amit Serper, senior director and head of security research for Cybereason Nocturnus, told Dark Reading at the time. "Finally they were able to get domain admin credentials. They were then able to create their own accounts, some of which were domain admins themselves."
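The last step Serper describes, a freshly created account that is promoted to domain admin, leaves a distinctive trace in the Windows Security log: a 4720 (account created) event followed shortly by a 4728 or 4732 (member added to a security-enabled group) event naming a privileged group. The script below is an added example, not code from the article or from Cybereason, that correlates those two events over a constructed set of sample log records; the event IDs and group names are real, but the account names, timestamps and 24-hour window are assumptions chosen for illustration.

```python
"""Correlate Windows Security events to flag accounts that are created and
then promoted to a privileged group within a short window.

This is an added illustration; the events below are constructed samples,
not telemetry from any real incident.
"""
from datetime import datetime, timedelta

# Event IDs from the Windows Security log.
ACCOUNT_CREATED = 4720         # A user account was created
ADDED_TO_GLOBAL_GROUP = 4728   # A member was added to a security-enabled global group
ADDED_TO_LOCAL_GROUP = 4732    # A member was added to a security-enabled local group

# Groups whose membership confers domain- or host-wide administrative rights.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample events: a hand-picked subset of Security-log fields
# (timestamp, event ID, the account performing the action, the account
# acted on, and the group for membership changes).
SAMPLE_EVENTS = [
    {"ts": "2019-06-01T02:14:03", "id": 4720, "subject": "CORP\\svc-backup",
     "target": "CORP\\sysadm2", "group": None},
    {"ts": "2019-06-01T02:15:41", "id": 4728, "subject": "CORP\\svc-backup",
     "target": "CORP\\sysadm2", "group": "Domain Admins"},
    # Benign: a new HR user added to a non-privileged group.
    {"ts": "2019-06-01T09:00:00", "id": 4720, "subject": "CORP\\hr-admin",
     "target": "CORP\\jdoe", "group": None},
    {"ts": "2019-06-01T09:02:00", "id": 4728, "subject": "CORP\\hr-admin",
     "target": "CORP\\jdoe", "group": "HR Staff"},
    # Privileged-group change two days after creation: outside the window,
    # so it is not reported by this rule (it would still merit its own alert).
    {"ts": "2019-06-03T11:30:00", "id": 4728, "subject": "CORP\\itadmin",
     "target": "CORP\\sysadm2", "group": "Domain Admins"},
]


def find_created_then_promoted(events, window=timedelta(hours=24)):
    """Return one finding per account that was created and then added to a
    privileged group within `window` (assumed default: 24 hours).

    Each finding records who created the account, who promoted it, and the
    delay between the two events in seconds.
    """
    created = {}   # target account -> (creation time, creating subject)
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["target"]] = (ts, ev["subject"])
            continue
        if ev["id"] not in (ADDED_TO_GLOBAL_GROUP, ADDED_TO_LOCAL_GROUP):
            continue
        if ev["group"] not in PRIVILEGED_GROUPS or ev["target"] not in created:
            continue
        created_ts, creator = created[ev["target"]]
        delay = ts - created_ts
        if timedelta(0) <= delay <= window:
            findings.append({
                "account": ev["target"],
                "group": ev["group"],
                "created_by": creator,
                "promoted_by": ev["subject"],
                "delay_seconds": int(delay.total_seconds()),
            })
    return findings


if __name__ == "__main__":
    for f in find_created_then_promoted(SAMPLE_EVENTS):
        print(f"ALERT: {f['account']} created by {f['created_by']} and added to "
              f"{f['group']} by {f['promoted_by']} after {f['delay_seconds']}s")
```

In production the same correlation would run over events exported from a SIEM rather than an inline list; the point is that the pattern Serper describes is cheap to detect because both halves of it are already logged by default on domain controllers.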

Changing of the Guard

Some telecommunications firms are moving away from proprietary technology faster than others. Many are adopting public and private cloud services: private cloud for hosting their network functions virtualization (NFV), for example, and hybrid services that combine in-house and third-party cloud capabilities so telcos can resell them as a service to corporate customers. They also are using cloud-based services for telco-specific IT applications like Operations Support Systems (OSS) and Business Support Systems (BSS), as well as for ordinary email and Customer Relationship Management (CRM), Heavy Reading analyst James Crawshaw noted in a blog post.

They're also deploying Intel-based servers, along with their own versions of virtualization and SDN. Competitors AT&T and Verizon, for example, took different approaches to NFV, with AT&T forming a group behind its ECOMP architecture and Verizon joining the Open Network Automation Platform (ONAP) project, which the Linux Foundation directs.

"Being open to the idea of using white boxes and open source technologies can bring superior performance, breakthrough economics, and game changing innovation at a much faster pace," says Ritesh Mukherjee, vice president of product management at 128 Technology, which develops a software-defined router solution. "Telcos have definitely realized this and are more open now than ever to embracing this trend. They have realized that if they are unable to meet customers' demands, they risk falling behind."

Industry and security standards can simplify the job of selecting the right security products and services for telcos, Mukherjee says. While some operators have created their own technology-oriented standards groups for things like NFV and SDN deployment, telcos also are held to requirements such as HIPAA for US healthcare data and the Trusted Internet Connections (TIC) 3.0 guidance for US federal agencies.

"Telcos are increasingly disqualifying vendors that do not meet some security standards [like HIPAA & TIC]. While this does not guarantee exemption from attacks, it does provide some peace of mind," Mukherjee says. Many are contracting out penetration testing of products, he says.

For its part, France's Kosc Telecom is automating everything in its network, says CEO Antoine Fournier, as part of the wholesale provider's Connectivity-as-a-Service offering. Automation makes sense financially, he says: the network stays up because software is updated and repaired proactively, traffic is re-routed when necessary, and customers' data traffic is not disrupted. Automation also keeps its security tooling up to date and alerts teams immediately if problems arise, he notes.

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience.
