Industry Thought Leadership

The Telecom industry keeps the world connected. From private communications to business interactions, it is an intrinsic part of our daily lives, and we take many elements for granted. Be it via the phone, across the internet, over airwaves or cables, this sector makes it possible to communicate in rapid time anywhere around the world. Our modern and fast moving world relies so heavily on connectivity and the telecom industry, which lies amid this domain, should be secured from the malicious cyber-attacks that are bound to occur.
From satellite companies, internet providers, telephone corporations, the infrastructure behind these organizations makes it feasible to send videos, audio and text around the globe, which aids in collaboration and development in practically every industry.

In recent years, as technology has developed, our world has grown, and as the threat landscape has changed, cyber-attacks specifically against the telecom industry are soaring. Given that this industry controls a vast majority of complex and critical national infrastructure, the impact of a successful attack is not only significant, but extensive.

Security systems for companies based in telecommunications are predominately threatened by cyber-attacks, due to the overwhelming amount of sensitive information available.
In a few cases, telecom companies will act as intermediaries in the chain from supplier to subscriber, which opens even more vulnerabilities to the security of the architecture.

Cybersecurity Threats in Telecommunications
With the additions of cloud computing, IoT, AI technology, and a growing number of connected devices, the perimeter of visibility is widening.

An important key point when attempting to reduce overall risk is acknowledging the wide variety of possible threats to your telecom cybersecurity, which may include:

• DDoS (Distributed Denial of Service) Attacks: Cyber attackers intentionally overwhelm their target with a stream of Internet traffic to deplete their victim’s uptime and availability.
• Data Breaches: Telecom providers continue to struggle with these attacks as they are prime targets due to their valuable data and the breadth of their services.
• Internal Threats & Human Error: This type of risk is always present in a company, typically stemming from an employee who intentionally, or by mistake, compromises the security of the system, resulting in the loss or theft of data.
• Indirect Client Attacks: Telecom companies often have a large client base, due to which they are more at risk for attacks targeted to their customers from cybercriminals, such as identity theft, malware, and phishing attempts.

Communication networks need to be resilient. Especially, as the scope, variety, and complexity of current cybersecurity threats are increasing exponentially.

The growing volume of data transmissions, legacy technology, and signaling protocols, the increased role of cloud technologies and legacy DNS and DDoS attacks are among the most common “bullets” telcos need to dodge on a daily basis.

The Main Types of Cyber Threats and Ways to Mitigate Them

1) SS7 and Diameter Signalling Threats
A number of core telecommunication services are still powered by old protocols such as SS7 (Signalling System No. 7) or Diameter.

SS7 protocol, in particular, has become one of the central cyber threats to the banking industry since hackers can easily intercept 2FA authentication codes and drain users’ accounts.

Newer protocols such as SIP (Session Initiation Protocol) can also be extremely vulnerable to cyber threats without proper controls in place. For instance, in 2018 a group of attackers managed to stage a denial of service (DoS) attack on Cisco equipment through leveraging malformed SIP traffic.

According to a report by the European Union for Cybersecurity, most telecoms have implemented the basic security measures for SS7 attacks:

• Cybersecurity Best Practices for SS7 and Diameter Protocols
• Exhaustive monitoring that covers all interconnect and outgoing traffic, as well as core network elements.
• Harden network nodes by implementing better firewall configuration rules.
• Conduct regular external network security assessments and penetration tests.
• Implement real-time anomaly detection systems to identify more advanced attacks and their prequels.

2) SIP Hacking
Session Initiation Protocol (SIP), used in most voice-over-IP (VoIP) communications, is another prime target for malicious parties. Without proper security measures, hackers can easily tap into encryptedcalls, distribute SIP malware and otherwise tamper with the VoIP services you are provisioning.

Here’s a list of cybersecurity threats that were common:

• SIP trunk hacking
• SIP toll fraud
• Eavesdropping
• Caller ID spoofing
• DDoS attacks on PBX systems

Utility suppliers in the US faced a series of VoIP attacks last year. An attacker was initially targeting 1,500 unique gateways tied to some 600 businesses, but later focused on a single company and, using a command-injection technique over HTTP, injected a malicious web shell into the company’s server outgoing directory. Granted, the hack was discovered in time before much damage had been done.

Best Practices for Protecting SIP Signalling

• Enforce strong encryption over your Transport Layer Security (TLS) and Real-Time Protocol (RTP) to protect all data transmissions.
• Implement anti-spoofing for SIP messages. Ensure that you have proper in-built mechanisms for challenging messages and authenticating SIP clients.
• Maintain strong Session Border Controller (SBC) controls that perform deep packet inspection of all SIP messages and prevent unauthorized SIP traffic.

3) DNS Attacks
DNS (Domain Name Security) attacks still remain a major sore point for telcos. What’s worse, is that the cost of such attacks is increasing year-over-year. In 2017, one such attack usually costed a telecom company $622,100 on average.

In 2018, the figure rose by 42% and reached $886,560 on average. To a large extent, this drastic increase can be attributed to slow response time: on average 3 employees need 17+ hours to mitigate such cybersecurity threats.

Another report from 2018 indicates that telecom providers had the highest volume (30%) of sensitive customer information stolen through DNS attacks when compared to healthcare, banking, education, and public services sectors. In general, 43% of telecom companies were victims of DNS-based malware and 81% needed 3+ days to apply a critical security patch.

DNS Attack Prevention Best Practices

• Switch from a reactive to a proactive approach to cybersecurity. Start applying adaptive countermeasures.
• Implement real-time analytics for DNS transactions and gradually build up a behavioral threat detection suite, capable of detecting both known and emerging cyber threats and protect against data theft/leaks.
• Enhance your firewalls with ML-driven response policies on traffic to suspicious hostnames.
• Implement query monitoring and logging for all suspicious endpoints.

4) DDoS Attacks
Telcos are usually the prime target for DDoS attacks. As much as 65% of the global DDoS attacks in 2018 were aimed at communication services providers and the figure still remained high in 2020.

Another recent report reveals that the following DNS attacks are on the rise too:

• Multi-vector attacks – targeting several protocols at once – increased by 65% in the fourth quarter of last year.
• DNS amplification is the most popular current cyber threat for DDoS attackers. In 2019-20, it has been present in one-third of all attacks.
• The average bandwidth attack increased to 5 Gbps in 2020 – up from 2 Gbps in 2016.
• Corrupt cloud servers are under fire too. The volume of DDoS attacks involving these increased to 51%.

Notably the biggest issue with DDoS attacks for telcos is that a large-scale attack could easily create a domino effect. For instance, an operator network overload would likely affect a customer who co-resides or is reliant on the infrastructure transporting the attack.

How Telcos Can Protect Against DDoS Attacks

• Set up robust Access control lists (ACL) – your first line of defense. Note, however, that ACL has a scaling issue. A rapid increase of temporary ACLs, built to resist a large-scale attack, can have a major performance impact on different router hardware and software, making the overall management rather challenging. Thus, it’s best to write several scripts for automatic router configuration and ACL management.
• Implement black hole scrubbing – a variation of the block hole filtering technique. In this case, the traffic is redirected to a different physical interface – a scrubbing center – that can weed out the good traffic from the malicious one. A number of software vendors offer such solutions.
• Real-time DDoS monitoring is a must - The best-of-breed tools are now powered with machine learning functionality, meaning their detection accuracy progressively increases over time.

5) IoT Network Security
By 2021, Gartner estimates that some 25 billion IoT devices will be connected to telecom networks. Accommodating such an increased volume of data is just one part of the challenge though. Preventing unauthorized access, securing data transmissions and ensuring smooth monitoring of a much larger attack surface are the key security challenges for telcos.

Despite low adoption, IoT devices have already proven to present both internal and external threats to cybersecurity. First of all, the device itself can be exposed to various cyber threats and vulnerabilities due to manufacturing issues. Secondly, misconfiguration and lack of proper security measures make an IoT device an easy entry-point to the entire network of devices, or worse – the supporting architecture. In short, most attackers will have an easier way of finding a leeway as the surface of attack increases.

Some of the common types of cybersecurity threats happening at network level are as follows:

• Network congestion
• RFIDs interference and spoofing
• Node jamming in WSN
• Eavesdropping attacks
• Sybil attacks
• DDoS attacks
• Routing attacks

Offering solid protection against these is a joint responsibility between network operators and IoT users.

IoT Cybersecurity Best Practices
Below are some of the key best practices the association proposes against common cybersecurity threats:

• Network operators should use UICC based mechanisms for the secure identification of IoT devices. You can also provide single sign-on services for devices but mind the security trade-offs.
• Enable secure authentication for all devices, networks and service platforms associated with an IoT Service.
• Offer data encryption services to IoT service providers to ensure high communication integrity and increase network resilience.
• Deploy private networks to support various IoT networks. These can be developed using Layer Two Tunnelling Protocol (L2TP) and secured with Internet Protocol Security (IPsec)

Tech Mahindra’s’ PoV and Solutions for Cybersecurity in Telecom
Our experienced advisors are here to help customers navigate the increasingly complex realm of telecom cybersecurity programs and solutions available. A properly implemented security service for telecommunications will offer early detection of cyber-risks, decreased amounts of pointed attacks, rapid response rates for occurring incidents, and advanced overall protection. As cybercriminals continually modify their practices to adapt to changing opportunities, telecom cybersecurity solutions must evolve as well, with more predictive measures taken to mitigate threats before they have the opportunity to cause serious damage.

At Tech Mahindra, we offer personalized solutions in telecom cybersecurity to meet your business’s goals for Digital Optimization and Digital Risk Management. Our trusted advisors have over 200 years of combined IT experience in best practices in telecom cybersecurity.

We help in constructing a security strategy to defend customer’s company telecom systems against identified cyber threats. Through assessment, planning, and implementation, Tech Mahindra will be there with our customers every step of the way.

In supporting our customer’s business’s unique needs, our experienced IT consultants will aid in the selection process of a telecom cybersecurity solution which will secure and streamline your company’s workforce into the future offering the below services:

• Fully Managed Security Operations & automation playbooks
• MEC Security deployment with AppEdge - uCPE
• SD-WAN Security & Zero trust design architecture
• E2E Secure 5G & OpenRAN Security architecture & pilot deployments
• Secure Cloud Migration and cost based design
• Secure Digital BSS / OSS
• Data Security – Encryption, Tokenization & Anonymization
• Continuous IT Risk Management & Operators Assessment
• Cost Optimization & Security product Consolidation

The Conclusion
Telecom players have both an exciting and complex time ahead. On the one hand, the industry is undergoing major transformations, resulting in new revenue opportunities and value streams. On the other hand, an increased presence of new assets (such as IoT devices) and increased pressure on the old communication protocols enlarges the defense perimeter every telco needs to create.

Ultimately, to protect your networks against the pervasive cybersecurity threats in the telecom industry, you will need to switch from reactive security to proactive – one that relies on extensive monitoring and has predictive capabilities, powered by advanced analytics and AI. Conduct proper risk assessments for current systems, decentralize and automate the core security requirements with appropriate tools and run even deeper assessments for emerging technologies such as IoT, 5G, and NFV among others.