5/21/2020
04:00 PM
Telcos Become Richer Hacking Targets

Telecommunications networks' shift toward commercial networking equipment and systems has also expanded their attack surface.

As telecommunications providers transition their network services infrastructures away from proprietary systems to commercial routers, switches, and servers, they have also opened themselves up to increased cybersecurity threats.

As a result, telco spending on cybersecurity will have a compound annual growth rate of 11.9% between 2018 and 2022, according to International Data Corp.'s (IDC) 2019 Worldwide Semiannual Security Spending Guide.

"Robust investment in key security solutions is due to myriad facets of security needs, including data loss and prevention, compliance and risk management, increasingly sophisticated cyber schemes, and digital transformation complexity," Karen Massey, research manager at IDC said in the report.

The telecommunications industry is under more frequent attack by actors such as China and North Korea, according to CrowdStrike's Global Threat Report 2020. Many attacks against telcos in 2019 used "publicly available tools" to tap into providers' networks for spying or other illicit means, according to CrowdStrike.

Fraud losses as a percent of global telecom revenue grew 37% to $28.3 billion in 2019, or 1.74% of total revenue, compared with $29.2 billion (1.27% of global telecom revenue), according to the Communications Fraud Control Association's (CFCA) 2019 Global Telecom Fraud Survey. Some of the top routes to fraud included private branch exchange (PBX) hacking, IP PBX hacking, and subscription fraud via applications. Criminals hacked into PBXes and IP PBXes, used phishing and pharming to illegally access network devices to commit fraud, and launched distributed denial-of-service (DDoS) attacks that blocked users from their networks, CFCA's report says.

Proprietary systems still run many tier-one telecommunications operators' crucial functions and often are viewed as more secure – in large part due to the highly customized nature of the coding and hardware. Historically, however, these systems have proven vulnerable as well. 

As far back as 1987, for example, hackers manipulated proprietary BellSouth databases to tamper with the former operator's billing and customer information, which was documented in Sandeep Gupta's book, Hacking in the Free World. Chinese hackers in 2012 reportedly broke into the former Nortel Networks' infrastructure.

But telcos are becoming an attractive stepping-stone to bigger targets. More recently, Cybereason's Nocturnus team last year discovered threat actors waging an advanced attack campaign against multiple global telecommunications providers using tools and styles often associated with Chinese-affiliated hackers. The attackers were after data belonging to specific, valuable targets (individuals and organizations), and the campaign ultimately resulted in the attackers taking over some operators' networks.

"They would compromise the network, do a credential dump, scan the network, and hop from server to server," Amit Serper, senior director and head of security research for Cybereason Nocturnus told Dark Reading at the time. "Finally they were able to get domain admin credentials. They were then able to create their own accounts, some of which were domain admins themselves."
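The chain Serper describes ends with the intruders creating their own accounts and elevating some of them to domain admin. That last step leaves a detectable trace in Windows Security logs: an account-creation event (ID 4720) followed shortly by a membership-change event (ID 4728, member added to a security-enabled global group) naming a privileged group. The following is an added illustration written for this article, not Cybereason's code or detection content. The event IDs are real Windows Security IDs; the pipe-delimited log format, the account names, and the timestamps are constructed sample data, and the 24-hour window is an assumed tuning value.

```python
"""Flag accounts that were created and then added to a privileged group
within a short window, over constructed Windows Security log lines."""
from datetime import datetime, timedelta

# Constructed sample data in a simplified format:
# timestamp|event_id|subject (who acted)|target account|group (for 4728)
SAMPLE_LOG = """\
2019-06-01T02:14:07|4720|CORP\\svc-backup|CORP\\ops-admin2|
2019-06-01T02:14:09|4728|CORP\\svc-backup|CORP\\ops-admin2|Domain Admins
2019-06-01T09:30:00|4720|CORP\\hr-admin|CORP\\jdoe|
2019-06-01T09:45:00|4728|CORP\\hr-admin|CORP\\jdoe|Sales
2019-06-03T11:02:55|4728|CORP\\hr-admin|CORP\\jdoe|Domain Admins
"""

# Windows Security event IDs (real): 4720 = user account created,
# 4728 = member added to a security-enabled global group.
EVENT_ACCOUNT_CREATED = 4720
EVENT_ADDED_TO_GLOBAL_GROUP = 4728

# Groups whose membership changes deserve attention (assumed list).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, subject, target, group = line.split("|")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "subject": subject,
            "target": target,
            "group": group,
        })
    return events


def find_new_admin_accounts(events, window=timedelta(hours=24)):
    """Return findings for accounts added to a privileged group within
    `window` of their creation. An account that sits unprivileged for days
    before a group change (jdoe in the sample) is deliberately not flagged;
    that case belongs to a separate 'privileged group change' rule."""
    created = {}   # target account -> its 4720 event
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event_id"] == EVENT_ACCOUNT_CREATED:
            created[ev["target"]] = ev
        elif (ev["event_id"] == EVENT_ADDED_TO_GLOBAL_GROUP
              and ev["group"] in PRIVILEGED_GROUPS):
            creation = created.get(ev["target"])
            if creation is not None and ev["ts"] - creation["ts"] <= window:
                findings.append({
                    "account": ev["target"],
                    "group": ev["group"],
                    "created_by": creation["subject"],
                    "elevated_by": ev["subject"],
                    "seconds_after_creation":
                        (ev["ts"] - creation["ts"]).total_seconds(),
                })
    return findings


if __name__ == "__main__":
    for finding in find_new_admin_accounts(parse_log(SAMPLE_LOG)):
        print(finding)
```

In a real deployment the parser would read event XML or a SIEM export rather than this constructed format, and the subject of the two events is worth correlating as well: a service account such as the constructed `svc-backup` creating and elevating a new principal is rarely legitimate administrative behaviour.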

Changing of the Guard

Some telecommunications firms are moving away from proprietary technology faster than others. Many are adopting public and private cloud services, such as private cloud for hosting their network functions virtualization (NFV), and services that meld in-house and third-party cloud capabilities so telcos can then offer them as a service to corporate customers. They also are using cloud-based services for telco-specific IT applications like Operations Support Systems (OSS) and Business Support Systems (BSS), plus regular email and Customer Relationship Management (CRM), Heavy Reading analyst James Crawshaw noted in a blog post.

They're also deploying Intel-based servers, along with their own versions of virtualization and SDN. Competitors AT&T and Verizon, for example, took alternate approaches to NFV, with AT&T forming a group behind its ECOMP architecture and Verizon joining the Open Network Automation Project (ONAP), which the Linux Foundation directs.

"Being open to the idea of using white boxes and open source technologies can bring superior performance, breakthrough economics, and game changing innovation at a much faster pace," says Ritesh Mukherjee, vice president of product management at 128 Technology, which develops a software-defined router solution. "Telcos have definitely realized this and are more open now than ever to embracing this trend. They have realized that if they are unable to meet customers' demands, they risk falling behind."

The number of industry and security standards can simplify the job of selecting the right security products and services for telcos, Mukherjee says. While some operators have created their own technology-oriented standards groups for things like NFV and SDN deployment, all adhere to codes including HIPAA for US healthcare and TIC 3.0 for Trusted Internet Connection guidelines.

"Telcos are increasingly disqualifying vendors that do not meet some security standards [like HIPAA & TIC]. While this does not guarantee exemption from attacks, it does provide some peace of mind," Mukherjee says. Many are contracting out penetration testing of products, he says.

For its part, France's Kosc Telecom is automating everything in its network, says CEO Antoine Fournier. This is part of the wholesale telecom provider's Connectivity-as-a-Service offering, he says. Using automation makes sense financially: the network remains up because it proactively updates and repairs software, re-routes traffic when necessary, and avoids disrupting customers' data traffic, says Fournier. Automation, he notes, also ensures its security solutions are up to date and immediately alerts teams if problems arise.

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience.