In light of the hack of Accellion, Singtel’s third-party file-sharing vendor, insights into the cyber threat landscape of the telecommunications industry can help enterprises prepare for the security concerns that need to be addressed.
A study of the telecommunications industry’s cyber threat landscape conducted by IntSights surmised that cyber attacks on telcos could have large repercussions beyond the industry, due to the pervasive nature of telecoms services and their impact on other companies’ external internet traffic and customer relationships.
Furthermore, telecom providers consistently face an onslaught of rapidly evolving cyberattacks that threaten their employees, end users, partners, and business reputation.
The report also analyses the evolving tactics that threat actors use to breach telecommunications companies, and the steps that can be taken to mitigate top risks in the industry.
The sensitivity of PII
One of the key findings concerned the personally identifiable information (PII) held by telcos, which is highly valuable. Should the information be obtained, criminals either sell the PII and employee data on underground forums for profit or use the PII for various fraudulent purposes.
Government intelligence services, by contrast, use it to support human intelligence operations and technical monitoring of communications, or to facilitate the collection of signals intelligence (SIGINT).
In Asia, the report indicated that IntSights’ coverage of underground criminal forums found that, in late 2020, a cybercriminal had offered to sell network access to what was described as the largest telecommunications service provider in Asia for 5 bitcoins (equivalent to approximately US$95,000 at that time).
Other key findings include:
- Availability of administrative and VPN access
Administrative and VPN access to telecommunications providers is attainable through sales on underground criminal forums or through insider threats. This availability has led to growth in SIM swapping attacks to gain unauthorised access to the networks of mobile service providers, as criminals are able to reroute SMS-based 2FA messages to attackers. Tutorials on SIM swapping attack techniques are also readily available for sale on underground criminal forums.
- Cyber espionage
State-sponsored actors attack telecommunications providers for cyber espionage, as phone and internet communications continue to be the most typical forms of SIGINT.
In 2019 and 2020, the Iranian cyber espionage group Greenbug targeted South Asian telecommunications providers. The group repeatedly used PowerShell commands to download and execute payloads to expand its access in the compromised network.
Managing the risks
To mitigate the top risks to their industry, IntSights advised that telecom companies could utilise a comprehensive external threat intelligence solution.
Mobile service providers could establish and maintain insider threat programs, as malicious insiders are a leading way for criminals to gain the access needed to conduct SIM swapping attacks.
Investing in advanced threat detection and prioritising threat intelligence coverage of state-sponsored cyber espionage is another area that could be looked into, as attacks by foreign intelligence services may be harder for their security teams to detect.
The value of telecommunications subscriber PII to both criminals and cyber espionage groups warrants special measures to protect it through encryption or network segmentation.
Additionally, using external threat intelligence can help security teams quickly identify and validate emerging cyber threats targeting their organisations before they evolve into attacks.
Proactive threat detection enables practitioners to react faster to threats and take the measures necessary to ensure the security of their organisation’s network and digital assets.