Cybersecurity in the telecom industry

The telecom sector has transformed significantly, and with the 5th Generation (5G) of services it is seeing a rapid shift in its services and operating model. This shift comes with wider adoption of evolving technologies such as IoT, AI/ML and AR/VR, along with convergence across sectors, the OTT ecosystem, customer centricity and evolving regulations. In today’s environment, telecom services enable multiple other industry sectors, a trend accelerated by digital technology adoption during the pandemic.

Telecom organisations depend significantly on third parties across the operating model. As the ecosystem grows, there is a higher possibility of a weak link emerging that could trigger a cyber breach. The threat landscape has expanded further with increased convergence on IP-based networks, which makes it easier for cyber vulnerabilities to cross from the traditional IT network into core telecom networks, like 5G, IoT and Cloud.

Cybersecurity is necessary because security measures protect all forms of data from loss, cyber risk, and identity theft. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), private information, intellectual property data, and systems used by the government and business. Because telecommunication companies manage critical infrastructure, a cyberattack might have a significant and wide-ranging effect.

Due to the vast amounts of personal information telcos keep on their clients, cybercriminal gangs view telecom companies as high-value targets. Cybercriminals who wish to steal credit card information, commit identity theft or undermine SMS-based two-factor authentication techniques are particularly interested in financial data. The future will bring new challenges as 5G networks roll out to accommodate billions of IoT devices, industrial automation and driverless automobiles.

The telecommunications sector still uses legacy technology, which makes it vulnerable to IP-based threats. Even though digital transformation and advanced technology solutions are available, adoption and the transition away from legacy systems are slow. Telecom providers store a lot of information, including financial information such as credit card details, social security numbers and contact details, which is particularly useful for cyber criminals to sell on the dark web.

Internet of Things (IoT) adoption has been on the rise over recent years. With an increasing number of devices connected to the network, the threat surface is increasing, too. A high number of endpoints, many of which are not adequately secured, makes IoT adoption a major risk. Some of the major risks associated with IoT include system vulnerabilities and weak passwords.

A distributed denial of service (DDoS) attack is one of the most common types of direct cyberattack. It can make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. These attacks can reduce network capacity, increase traffic costs, disrupt the availability of service and even compromise internet access by hitting ISPs.

DNS-based attacks are another major class of cyberattack that still disrupts telecom service providers. Even before the pandemic, 83% of telecom and media companies had experienced a DNS attack. DNS attacks are expensive, with some affected companies losing $5 million per attack.

Moreover, several core telecommunication services are still powered by flawed protocols such as SS7 (Signalling System No 7) or Diameter. SS7 in particular has become one of the major cyber threats. Newer protocols such as SIP (Session Initiation Protocol) can also be highly vulnerable to cyber threats without proper controls in place.

Telecom networks are increasingly using cloud computing to support their operations. While a cloud network is considered more secure than on-premise infrastructure, it is not invulnerable and comes with its own security concerns. A successful attack on the cloud network can impact multiple virtual machines at the same time, posing a severe risk.

Vermilion Strike is a threat that impacts Linux and Windows systems, and the telecom industry is particularly vulnerable to it. The Linux malware is completely undetected by vendors, and it grants cyber criminals remote access to upload files and run shell scripts. Vermilion Strike is used in targeted attacks rather than mass attacks. ShellClient, by contrast, is a RAT (Remote Access Trojan) that can steal sensitive information from compromised devices.

Telecommunication organizations should step up their efforts to innovate in cybersecurity solutions that mitigate the numerous security threats they face. The telecommunication sector should invest in appropriate technologies, processes and people to support research and the adoption of innovation in its cybersecurity strategies.

Glow’s role

Here at Glow, we believe in a ‘safety first’ approach and follow proper protocol to make sure we are compliant with the best practices when it comes to cybersecurity. We spare no effort in making sure that unscrupulous elements have no access to sensitive data, resulting in great service and satisfied clients. After all, it’s our clients who determine our success in the industry!
