World Telecom Providers Hacked and Used to Spy for Years

Reports Show Industry At Risk For Cyber Attacks

Several reports published over the past year provided evidence the telecom industry is actively being attacked by sophisticated nation state hostile cyber actors.  The telecom industry is a prime target for hostile actors.  Telecom providers, as a fact of doing business, have sensitive data about their customers and their activities on the telecom network.  Many telecom providers sell multiple communications services to their customers and in doing so have increased the amount of risk in the event of a breach.  Let’s quickly look at two of them:

One report from a survey of 96 global telecom providers by Coleman Parkes shows that 43% of providers were the victim of attacks to their Domain Name System or DNS.  Hostile actors attack DNS to trick the internet into routing traffic to a malicious server they control.  This allows the hostile actor to steal passwords or other sensitive data.  This survey also found that 81% of the telecom providers attacked took three or more days to recover from a DNS attack.

A cybersecurity incident report by the security annalists at Cybereason details a breach of a telecom provider that was undiscovered for over two years.  Sophisticated nation state hostile cyber actors targeted this telecom for information on client call logs, devices, physical location of users, and information on the provider’s communications infrastructure.  The hostile actors persistently changed tactics often to elude detection and remain active in the telecom provider’s networks.  During the attack the hostile actors were able to stealthily exfiltrate critical data out of the provider’s network with out detection.

Cybersecurity Must Be A Top Priority

Telecom providers are the foundation of all that an organization does in our modern connected world.  Without a telecom provider an organization is not able to connect to service existing clients or market to new ones. Telecom providers play a critical role to their clients and because of this role must make cybersecurity a top priority.  In many countries the telecom industry is classified as critical infrastructure.  Extensive steps have been taken to ensure the physical security of telecom infrastructure, however now is the time for providers to ensure the cybersecurity of their infrastructure.

Telecom providers are like almost any other company with technology.  Telecoms have a considerable amount of specialized telecommunications equipment but all of this relies on many of the same hardware and software used by any other enterprise to conduct operations.  The common thread in many telecom breaches is vulnerabilities in common enterprise systems or applications and not in specialized telecommunications equipment.

Telecom providers must build a strong culture of cybersecurity that includes proper cybersecurity training for their employees and incorporates a security program that is based on defense in depth.  This approach of training and multiple layers of protection and visibility into risk and threats is critical to protecting their clients.  Many telecom providers have experts in the technology they provide to their clients.  Working with a partner that can bring in the strong cybersecurity services as well as experts on threat actors is critical to ensuring the security and privacy of a telecom provider’s clients.


Post by Remote Process