The telecommunications industry is responsible for keeping the world connected. Telecom operators build, operate, and manage the complex network infrastructures required for all communications. These networks handle enormous amounts of sensitive data, which makes them attractive targets for attacks from malicious entities. The World Economic Forum, in its Global Risks Report 2019, reported that the risk of cyber-attacks was among the top 5 fastest growing threats in public perception.
Telecom operators need to arm themselves against this growing risk. This post is an attempt to drive that point home by looking at where the threats could emerge from and their possible impact!
Telecommunications providers are under fire from two sides:
- Direct attacks from cybercriminals intent on breaching their organization and network operations
- Indirect attacks from those in pursuit of their subscribers
Main Network Security Threats Include:
Supply Chain Threats
As the GSMA has also said, telecom operators rely on numerous external suppliers to deliver infrastructure, products, and services. This represents a complex supply chain in which downstream links inherit risks and vulnerabilities. Attackers need not go after their intended target directly. In several cases, they can achieve their aim by compromising the supply chain where it is least secure.
Instances of supply chain threats are common, including tampering with chipsets, vendors releasing devices in an insecure state, and government decisions impacting supply chain resilience. This highlights the significance of understanding how products are developed, introduced into the ecosystem, and managed throughout their lifecycle. The software supply chain is arguably more complicated. According to the 2018 DevSecOps Community Survey, there was a 55% increase in breaches caused by vulnerable open-source software.
A failure to secure the supply chain can result in erosion of brand and trust, regulatory action, and high costs to the operator. The onus is on telecom operators to examine the products, toolsets, and technologies that form a part of their infrastructure from the security perspective.
Mobile network operators specifically, and telecom operators in general, must gather, process, and store customer data to operate efficiently. Privacy concerns have triggered onerous regulations like GDPR in several locations. An inability to understand these laws, or a poor implementation of them, can curb the flow of data and curtail the operator’s overall view of their network. This can trigger inefficiencies for the network, create openings for attackers to go undetected, and pose a threat to the privacy and security of citizens’ data.
Such a failure to consider consumer privacy, regardless of legislative requirements, can also result in stiff fines, penal action, and even a brand-killing backlash, as seen with the LocationSmart service in the US.
As those in the telecom sector know, a signaling exchange establishes and maintains a communication channel or session on mobile telecommunications networks, assigns resources, and manages networks universally. 2G/3G leverages SS7 and SIGTRAN, while 4G depends on Diameter. All generations employ SIP and GTP. Several essential services, such as short messaging service (SMS), are managed by these protocols.
While tried, tested, and trusted, many of these protocols are dated. They were often applied without an authority model and depended instead on implicit trust within a closed industry. Consider the inherent insecurity of this approach alongside the role these protocols play in operating several network functions, and it is clear that any security threats identified against these services will have a high impact. Many will remember that in 2017 an incident in Washington DC, close to the White House, saw attackers use a fake base station and SS7 access to obtain subscriber information.
Predominantly these attacks target consumers and cause a breach of privacy with all the ramifications of potential regulatory action and reputational damage.
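To make the contrast with implicit trust concrete, the following is an added example (not from the original post or from any operator's tooling) of an explicit authority check applied to inbound SS7 MAP requests at the network edge. The MAP operation names are real, but the policy grouping, the global-title prefixes, the IMSI prefix, and the sample traffic are all constructed assumptions.

```python
from dataclasses import dataclass

# Assumed policy: MAP operations each class of peer may send. The operation
# names are real MAP operations; the grouping is illustrative, not a standard.
POLICY = {
    "internal": {"anyTimeInterrogation", "sendRoutingInfoForSM",
                 "provideSubscriberInfo", "updateLocation"},
    "roaming_partner": {"updateLocation", "sendAuthenticationInfo"},
}
# Constructed global-title prefixes mapped to a peer class.
PEERS = {"99901": "internal", "99955": "roaming_partner"}
HOME_IMSI_PREFIX = "99901"  # constructed home MCC+MNC


@dataclass
class MapRequest:
    calling_gt: str  # SCCP calling-party global title
    operation: str   # MAP operation name
    imsi: str        # subscriber the request refers to


def peer_class(gt: str) -> str:
    """Longest-prefix match of the calling GT against known peers."""
    for n in range(len(gt), 0, -1):
        if gt[:n] in PEERS:
            return PEERS[gt[:n]]
    return "unknown"


def evaluate(req: MapRequest) -> tuple[str, str]:
    """Return (decision, reason) for one inbound request."""
    cls = peer_class(req.calling_gt)
    if cls == "unknown":
        return "block", "calling GT has no interconnect agreement"
    if req.operation not in POLICY[cls]:
        return "block", f"{req.operation} not permitted from {cls}"
    if cls == "roaming_partner" and not req.imsi.startswith(HOME_IMSI_PREFIX):
        return "block", "partner request for a non-home IMSI"
    return "allow", "ok"


# Constructed sample traffic.
SAMPLES = [
    MapRequest("9990112345", "anyTimeInterrogation", "999010000000001"),
    MapRequest("9995598765", "updateLocation", "999010000000002"),
    MapRequest("9995598765", "anyTimeInterrogation", "999010000000003"),
    MapRequest("8880000001", "sendRoutingInfoForSM", "999010000000004"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.calling_gt, r.operation, *evaluate(r))
```

The third and fourth samples are the cases implicit trust lets through: a known partner asking for a location query it has no business sending, and a sender with no agreement at all.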
The network perimeter is blurring, and the cloud is being regularly leveraged to facilitate operators’ operations. The cloud is where network, storage, and compute resources often reside these days. And yes, an external supplier manages all these applications.
The loss of direct control of such critical operations may diminish the operator’s level of control over the network performance, optimization, data, and quality of services. The operator also loses the capability to assess and alleviate security threats directly. They are forced to depend solely on contractual or service level agreements with the cloud provider. Seen in that light, cloud services pose a potential combination of risks concerning network availability, supply chain, and privacy.
The IoT Threats
This year has seen a major IoT thrust. And obviously, security threats are emerging. The industry has identified that several customer device manufacturers have little consideration for, or competency in, security. It’s not uncommon for them to hand over the accountability to secure the device to the uneducated customer without security instructions. These devices, when deployed, are also attached to the operator’s network. Attacking the network by leveraging these devices could potentially harm operators.
Most IoT threats come from attackers exploiting factory default settings or poorly configured devices. IoT devices are a desirable target. The significant volume of devices means many potential access points. The attacker can employ the same technique to attack different devices regardless of their primary function, which exposes a large attack surface for minimal effort. For example, in 2016 the Mirai botnet, the mother of many modern IoT botnets, hijacked over 600,000 devices. The initial attack took down OVH hosting and DynDNS services.
Of course, in these cases, attackers don’t want to disrupt the network. They desire continued access to the network for information disclosure and that’s just as disruptive in the long run.
Having said all that, it’s unfortunately true that network attacks usually succeed due to human nature. Humans make mistakes; these are often taken advantage of by attackers to gain a foothold into the operator’s network. Employees may become disgruntled, leading to a desire to attack the operators. Internal human threats come in many forms, some malicious, others not.
Not all customers comprehend the threats their devices bring to the operator and network ecosystem. However, suppliers of the device, software (app) developers, and over-the-top (OTT) service providers are aware of the threat to the device. Because of the long-term nature of such customer relationships, several operators take over and address several device threats.
In April 2018, the WikiLeaks hacktivist group leaked a suite of hacking tools believed to belong to the Central Intelligence Agency (CIA). The leak exemplified to what extent nation-state level technologies are thought to be used in the fifth generation of cyber-attacks. Nokia reports that Android devices were responsible for 47.15% of the observed malware infections in 2019 and are the most targeted OS.
Why Revenue Protection Becomes a Mandate?
In this competitive world, revenue leakage is one of the most significant worries affecting telcos around the world. For operators, who are also distressed by deteriorating margins from the conventional voice business, protecting the existing revenue sources becomes crucial. Over the years, several research reports have highlighted the massive loss to the industry due to inadequate fraud protection and poor revenue assurance processes.
The critical challenge with revenue protection is the long gap between detecting revenue leakage and fixing it. Considering the enormous volume of transactions produced in the present-day customer-centric world, telcos cannot afford such gaps. With the new problems brought by IP networks and sophisticated interconnection frauds, detecting and redressing the glitches becomes even more important.
Obviously, lessening the leakage exposure time can result in significant savings. Also, revenue protection is linked to multiple processes, including data collection, billing, settlement, and operations. Thus, coherent strategies for revenue protection can give telcos increased visibility into all aspects of subscriber data and help them to improve the Quality of Service (QoS). This could help improve the subscriber experience and drive up loyalty.
Subscriber management is a crucial element of revenue protection as it helps operators handle customer attrition. Operators need visibility into subscribers’ usage and billing patterns. Such insights will enable them to introduce the right mix of services that enhance customer value and ARPU. Subscriber management is also crucial for removing billing errors and disputes.
Vulnerabilities exist on several levels in the telecom landscape: hardware, software, and human, and attacks can come from many directions. Telecom operators need to start considering security as a process that encompasses threat prediction, prevention, detection, response, and investigation. Intuitive revenue protection systems can further help in stemming the tide of lost revenue by making it possible for operators to view all potential revenue leakages in real time for every process.
A comprehensive, multi-layered security solution based on the latest technology is a vital element to achieve this, but it is not sufficient on its own. The technology becomes a vital first step that must be followed by collaboration, employee education, and shared intelligence.