Unraveling the multifaceted threats facing telecom companies

In today’s interconnected world, telecom companies serve as gateways, connecting individuals, businesses, and governments. However, this role also makes them prime targets for cyberattacks. From DDoS attacks to sophisticated spyware infiltration, telecom providers face a wide range of threats that can disrupt services, compromise data, and compromise subscriber privacy.

In this Help Net Security interview, Georgia Bafoutsou, Cybersecurity Officer at the European Union Agency for Cybersecurity (ENISA), explores some of the common attack vectors that target telecom companies, their third-party providers, and the subscribers of their services.

What are some common attack vectors that target telecom companies, their third-party providers, or the subscribers of a telecom service and how equipped are telecom providers to deal with this type of attacks?

There are several types of attacks that may target telecom companies and/or their third-party providers.

Among the most impactful ones:

• Distributed Denial of Service (DDoS) attacks: During a DDos attack, the networks and/or systems are flooded with traffic, so that they become unavailable. This is not a new attack, in fact it celebrated its 20th anniversary in 2019, however it has a significant role in the current cybersecurity threat landscape. The ENISA Threat Landscape 2022 reported that VoIP providers are increasingly becoming a preferred target for DDoS cybercriminals.
  In general, telecom operators are well equipped to handle DDoS attacks, since they have a good overview, control and monitoring of their networks.
• Ransomware attacks continue to be a major security consideration for enterprises, also in the telecom sector.
• Network intrusions, obtaining some form of unauthorised system or data access, that can be used for espionage and data exfiltration, or the preparation of further cyberattacks.
  Detecting and preventing network intrusions is an important challenge for telecom operators.
• Signaling attacks, exploiting the vulnerabilities of signaling protocols like SS7 and Diameter. These attacks can be very impactful to individual subscribers, leading to geolocation or even eavesdropping.
• SIM Swapping attacks are widespread, having mostly a financial impact. ENISA has published a paper giving an overview of how this attack works, listing measures that providers can take to mitigate the attack and including recommendations for policy makers and authorities in the telecom sector and other sectors (Countering SIM-Swapping).
• Targeted attacks to subscribers with spyware like Pegasus or Predator that can steal location data of the user, or even track the user conversations and messages.
• Smishing attacks (phishing via SMS) leading to the installation of malware like Flubot, and consequently to capturing credentials and credit card details, or intercepting messages of users.
• Supply chain attacks can have a lot of impact, because they allow an attacker to target many operators at once. The ENISA Threat Landscape 2022 observes an increased interest of threat groups in supply chain attacks and attacks against managed service providers (MSPs). In 2021, ENISA’s Threat landscape for supply chain attacks shows that in 66 % of the supply chain attacks analysed, suppliers did not know, or were not transparent about, how they were compromised. To address the rising concern for supply chain-related risks, ENISA has just published an overview of the current supply chain cybersecurity good practices followed by the operators in the EU (Good Practices for Supply Chain Cybersecurity).

Given that telecoms act as gateways into multiple businesses, how can they ensure the security of these connections, especially considering that these points can become potential attack targets?

Telecoms own much of the infrastructure that other businesses use for their operations. Therefore, they have a great responsibility towards them.

Basic cyber security recommendations for telecoms include:

• having well-defined security requirements for products and services
• using secure equipment from trusted vendors
• being aware of the threats to their own networks and services but also to their customers
• taking suitable measures to mitigate the risks and avoid incidents
• being able to coordinate and effectively respond to incidents and minimize their impact.

The sector can also act as a shield for the other sectors, mitigating attacks before they reach other businesses.

What role do governments and regulatory bodies play in enhancing telecom security, and how does ENISA contribute to this process?

Governments and regulatory bodies are given the power and the means to enforce rules promoting cybersecurity culture, enhancing consumer protection and strengthening networks.

Telecoms are now under NIS Directive 2. Overall, the updated NIS Directive simplifies EU cybersecurity legislation. For telecoms, the security requirements already in effect, are not going to change in essence.

ENISA has been acting as a bridge between the sector and the relevant public bodies and has been offering guidance for harmonising the security requirements and supervision practices in Europe.

To this end, ENISA has published the “Guideline on Security Measures under the EECC” and also the “5G Supplement”, that focuses on the cybersecurity of 5G networks.

ENISA is also supporting telecom sector with regular situational awareness information, sectorial threat landscape reports and deep-dives on specific technical topics).