The telecommunications industry connects us with each other, but with vast infrastructure and customer bases often in the millions, telecom companies offer a wealth of potential entry points for attackers to exploit. Almost half of telecommunications organizations suffered from DNS-based malware in 2019 alone, yet the majority (81 percent) waited at least three days to apply patches once notified of a breach. And with the rollout of 5G exacerbating potential breaches, service providers need to be ready to protect customer data and themselves as they innovate.
Telecom operators and MSSPs like AT&T, Verizon, and T-Mobile are transitioning from network to cloud service companies to streamline their business operations, store and distribute their content, and roll out new applications. IoT adoption has also increased due to its use in connected mobile devices, creating more entry points for hackers to exploit and leaving users, clients, and companies exposed. And telecom firms have done little to prevent this, with only 45 percent deploying a mobile device security strategy.
Typical threats targeting telecoms
The telecommunications industry is being targeted on two fronts: by direct attacks intended to breach the organizations themselves, and by indirect threats intended to breach their customers or subscribers. In the first quarter of 2021, the telecommunications industry was the most targeted by distributed denial of service (DDoS) attacks – a significant jump from the previous year. In June 2021, a cyber attack now believed to be the largest ever launched on North American telecom operators caused cell phone network disruption in multiple states. The cost of DNS-based attacks like DDoS, Distributed Reflection Denial of Service (DRDoS), and cache poisoning is surging. System downtime, recovery costs, and legal fees add up; a DNS attack costs telcos an average of US$886,560.
Another recently identified threat comes from malicious hacking group LightBasin, which has been “consistently targeting the telecommunications sector at a global scale since at least 2016 … to retrieve highly specific information from mobile communication infrastructure.” The custom tools that the threat actor uses enable LightBasin to collect text messages, call information, and a whole host of other personal data that allows targeted individuals to be monitored and tracked with great accuracy. At least 13 telecommunications companies have already been breached by LightBasin since 2019.
Internal weaknesses can also be a threat to telecommunications firms’ security. Whether it’s through malicious man-in-the-middle attacks that use employees to help breach the perimeter, or a lack of employee cyber awareness making networks far more likely to be hit by phishing or social engineering attacks, internal weaknesses must be identified and addressed. Research has found that 74 percent of employees, including the C-Suite, working for Fortune 1000 telecom companies are reusing passwords across multiple work and personal accounts, making the job of hackers far easier in attacks such as credential stuffing.
The compliance challenge
As well as the threat of cyber attack, holding the types of data that the telecommunications industry does comes with unique legal obligations. Sensitive data such as PII and financial information is protected under data protection laws and international standards, from GDPR in the EU to the CCPA in California, APPI in Japan, and PCI DSS for payment data specifically. Failure to comply with these frameworks can lead not just to financial penalties, but to severe reputational damage for organizations of all sizes.
Outsourcing and increasing telcos’ cyber protection
Centripetal CleanINTERNET delivers a fully managed, comprehensive cyber threat intelligence service for businesses of all sizes. Our scalable, easily deployable, and effortlessly implemented solution gives MSSPs, ISPs, and system integrators an unprecedented level of protection that filters threat traffic at scale. CleanINTERNET creates a Zero Trust environment by aggregating, correlating, and managing over 3,000 cyber threat feeds, using AI to identify potential new threats as they develop. Our team of expert analysts then reports back to you directly, alleviating the burden on your team and reducing the number of SIEM and firewall alerts by up to 70 percent. As well as enabling compliance with the relevant security frameworks, the solution saves millions that would be spent on multiple separate threat feeds. CleanINTERNET is architected to easily integrate into any MDR (Managed Detection and Response) program for added prevention capability and additional service offerings for MSSPs.
Find out more about our work in the telecommunications industry and with MSSPs by chatting with a member of the Centripetal Sales team.