Top 5 Telco Cyber Threats: Mitigation Strategies

27 May 2020

The global cost of cybercrime continues to rise each year. Financial losses, for instance, reached $2.7 billion in 2018 and are projected to exceed $6 billion in 2021. At the company level, each company lost $13.0 million to cybercriminals in 2018, compared to $11.7 million in 2017, a 12% rise. These attacks target anyone and everyone. More than 1.5 million individuals fall victim to various types of cyber-attacks every day. At an average cost of $197, this means that individuals lose up to $110 billion to cybercrime every year.


Small and medium-sized businesses, however, are the biggest victims. According to a Data Breach Investigations Report, 43% of all nefarious online activities target small businesses. When the dust settles, small companies with fewer than 500 employees lose an average of $2.5 million to cybercrime incidents yearly.

In light of these pervasive threats, safeguarding personal and corporate digital spaces has never been more crucial. Families and businesses alike are turning to Top-rated security solutions Adelaide to fortify their defenses against the relentless onslaught of criminal activities. Recognizing the importance of proactive measures, individuals and organizations are investing in cutting-edge technologies and expert guidance to navigate the evolving landscape of threats, fortifying their perimeters against the ever-growing sophistication of both cyber and physical adversaries. Just as cyber security is paramount, acknowledging the significance of physical security measures underscores the comprehensive approach needed to ensure a robust defense against the diverse range of threats faced in the modern world.

5 Common Telco Cyberthreats & Mitigation Measures

For telcos, the first step to dealing with these threats is knowing what you’re likely to face. So, let’s round up some of the most common (and costly) telco cyber threats to give you a starting point for your cybersecurity strategy.

#1: DDoS attacks

A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal flow of traffic to a particular server, service, or network. This type of attack achieves its effectiveness by overwhelming the target or its surrounding infrastructure with “artificial” traffic.

Typically, computers or machines in an IT network are infected with malware, turning these machines into bots. The attacker then gains control of the bots and can remotely send a new set of instructions to each bot.

According to security company Neustar, both the number and scale of DDoS attacks are on the rise. DDoS attacks can be mitigated in three steps:

  • Make your architecture as resilient as possible
  • Where possible, scale up your network bandwidth
  • Deploy hardware that can handle known types of DDoS attacks

If you’re unable to meet all three requirements, it would be best to outsource to providers with better capacity.

#2: DNS Attacks

Domain Name System (DNS) attacks are where an attacker targets vulnerabilities in the domain name system.

DNS attacks aim at compromising the DNS infrastructure, either by rendering the DNS unavailable or subverting the answers provided by the service. Common types of DNS attacks include network floods, reconnaissance, unauthorized updates, subdomain attacks, and cache poisoning.

This form of attack has also been on the rise, with 83% of telcos reporting a DNS attack in 2018. Worse still, the cost of DNS attacks is increasing every year. The cost of a single DNS attack on a telecom company climbed to $886,560 in 2018, compared to $622,100 in 2017. When an attack occurs, it takes at least three employees 17+ hours to mitigate it.

Telcos can address DNS attacks in four steps:

  • Switch from reactive to proactive cybersecurity response
  • Build up a real-time DNS threat detection suite
  • Implement query monitoring and logging for suspicious endpoints
  • Leverage ML to enhance your firewall response to suspicious hostnames
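
The query monitoring and logging step above can start as a small detector run over resolver logs. The following is an added example, not code from the original article: it flags clients that send many distinct, mostly non-existent names under one zone, the pattern left by subdomain floods. The log format, thresholds, addresses, zone names and function names are assumptions made for the example.

```python
from collections import defaultdict

WINDOW = 60         # seconds per counting window (assumed)
MIN_UNIQUE = 20     # distinct names per client and zone in one window (assumed threshold)
MIN_NX_RATIO = 0.8  # share of NXDOMAIN answers that marks a flood (assumed threshold)

def zone_of(qname):
    # Simplification: the last two labels. A deployment would use the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def suspicious_endpoints(lines):
    """Flag (window, client, zone) groups that look like a random-subdomain flood."""
    groups = defaultdict(lambda: {"names": set(), "total": 0, "nx": 0})
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip blank or malformed records
        ts, client, qname, _qtype, rcode = fields
        qname = qname.rstrip(".").lower()
        g = groups[(int(ts) // WINDOW, client, zone_of(qname))]
        g["names"].add(qname)
        g["total"] += 1
        g["nx"] += rcode == "NXDOMAIN"
    alerts = []
    for (win, client, zone), g in sorted(groups.items()):
        ratio = g["nx"] / g["total"]
        if len(g["names"]) >= MIN_UNIQUE and ratio >= MIN_NX_RATIO:
            alerts.append({"window_start": win * WINDOW, "client": client,
                           "zone": zone, "unique_names": len(g["names"]),
                           "nx_ratio": round(ratio, 2)})
    return alerts

def sample_log():
    """Constructed log, one record per line: epoch client qname qtype rcode."""
    t0 = 1590537600
    normal = [f"{t0 + i} 10.0.0.5 {n}.example.com. A NOERROR"
              for i, n in enumerate(["www", "mail", "cdn", "api"])]
    typo = [f"{t0 + 5} 10.0.0.5 wwww.example.com. A NXDOMAIN"]
    flood = [f"{t0 + i} 10.0.0.9 {i:04x}k9.victim.example. A NXDOMAIN"
             for i in range(30)]
    return normal + typo + flood

if __name__ == "__main__":
    for alert in suspicious_endpoints(sample_log()):
        print(alert)
```

The single mistyped name from 10.0.0.5 does not trip the detector, because both the distinct-name count and the NXDOMAIN ratio must cross their thresholds in the same window.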

#3: Network-level threats

Telecommunication companies connect millions of devices. This number is only going to increase as IoT becomes a reality. In fact, according to Gartner, there could be as many as 25 billion connected devices by 2021.

This exponential growth will come with many challenges, chief among them securing data transmission and preventing unauthorized access. Two factors make the situation worse. First, some devices come with security vulnerabilities from the manufacturer. Second, if an attacker can penetrate just one device, they have found a way into the broader network.

Once inside the network, hackers can execute a wide range of attacks, including network congestion, node jamming in WSN, Sybil attacks, eavesdropping, and RFID interference and spoofing.

To deal with these threats, telcos are encouraged to first consult the IoT security assessment checklist developed by the GSMA. Additionally, network operators should:

  • Use UICC guidelines for secure IoT device identification
  • Offer data encryption services for all IoT service providers
  • Ensure secure authentication for all devices and networks

#4: SIP Attacks

Session Initiation Protocol (SIP) hacking is the most common form of Voice-over-IP (VoIP) cyber-attack. According to IBM Managed Security Services (MSS) data, SIP attacks account for over 51% of all VoIP security event activity analyzed yearly.

This makes sense, considering that SIP is also the most commonly used application layer protocol in VoIP technology. Once a hacker takes hold of the protocol, they can tap into encrypted calls, distribute malware, and tamper with the quality of VoIP services. Common forms of SIP attacks include SIP trunk hacking, SIP toll fraud, caller ID spoofing, and eavesdropping.

2019 was one of the worst years in terms of this form of attack. In one instance, an attacker targeted over 1,500 unique gateways serving about 600 businesses and injected malware into one company’s outgoing server directory.

Telcos can take the following steps to prevent such SIP attacks:

  • Ensure strong encryption of your TLS and RTP
  • Maintain fail-proof Session Border Control (SBC)
  • Implement anti-spoofing for all SIP connections
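
One way a border policy can enforce the anti-spoofing step above is to check every caller identity in an INVITE against the numbers allocated to the trunk that authenticated. This is an added example, not code from the original article. The trunk names, number prefixes, hosts and helper functions are hypothetical, and the INVITE messages are constructed.

```python
import re

# Hypothetical allocation table (constructed): trunk -> E.164 prefixes it may present.
TRUNK_PREFIXES = {"trunk-a": ("+120255501",), "trunk-b": ("+13125550",)}
COMPACT = {"f": "from", "t": "to", "i": "call-id"}  # RFC 3261 compact header names

def headers(msg):
    """Map lowercased header names to their values for one SIP message."""
    out = {}
    for line in msg.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        out.setdefault(COMPACT.get(name, name), []).append(value.strip())
    return out

def number_in(value):
    """Return the number in a sip:, sips: or tel: URI, or None if there is none."""
    m = re.search(r"sips?:([^@;>\s]+)@|tel:([^;>\s]+)", value, re.I)
    return (re.sub(r"[^\d+]", "", m.group(1) or m.group(2)) or None) if m else None

def check_invite(trunk, msg):
    """Return (verdict, reason); every asserted identity must be in the trunk's range."""
    allowed = TRUNK_PREFIXES.get(trunk)
    if allowed is None:
        return "reject", "unknown trunk"
    h = headers(msg)
    if not h.get("from"):
        return "reject", "missing From header"
    for value in h["from"] + h.get("p-asserted-identity", []):
        num = number_in(value)
        if num is None or not num.startswith(allowed):
            return "reject", f"identity not allocated to {trunk}: {value}"
    return "accept", "caller identity within trunk allocation"

def invite(from_value, pai=None):
    """Build a constructed INVITE; every host and number here is made up."""
    lines = ["INVITE sip:+13125550199@sbc.example.net SIP/2.0",
             "Via: SIP/2.0/TLS pbx.example.org;branch=z9hG4bK776asdhds",
             f"f: {from_value};tag=1928301774",
             "To: <sip:+13125550199@sbc.example.net>",
             "Call-ID: a84b4c76e66710@pbx.example.org",
             "CSeq: 314159 INVITE"]
    if pai:
        lines.append(f"P-Asserted-Identity: {pai}")
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    print(check_invite("trunk-a", invite('"Bank" <sip:+13125550142@pbx.example.org>')))
```

The check covers both the From header (including its compact form `f:`) and P-Asserted-Identity, so a valid From cannot be paired with an out-of-range asserted identity.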

#5: SS7 Attacks

Finally, an SS7 attack is one that exploits design flaws in the Signaling System 7 (SS7) of telecommunication networks. Although SS7 itself is a very strong network, it relies significantly on the other party to cooperate. Unfortunately, that’s not always the case with third parties.

Most telcos, for instance, offer access to their networks as a commercial deal. Some also grant governments access to the networks for purposes of public surveillance. Once you provide such access to a third party, you open up the network to many other people, including hackers. Whatever follows is anyone’s guess.

One of the most memorable SS7 attacks in 2019 was aimed at Metro Bank, targeting bank accounts. In this instance, the attackers intercepted SMS text messages used as two-factor authentication.

Telecommunication companies can apply the following best practices to defeat SS7 attacks:

  • Employ extensive monitoring that covers inbound and outbound traffic
  • Update your firewall configuration rules to harden your nodes
  • Consider external penetration tests and network security assessments
  • Employ real-time anomaly detection to flag suspicious activity

How NIX Solutions Can Help

NIX Solutions specializes in emerging business IT solutions. We help companies to stay on top of technologies that can help them cut costs while boosting efficiency and productivity. Give us a call today to discuss your challenges, and let’s help you find lasting solutions.