In a 5G world, cybersecurity is needed more than ever to protect networks, data and users from threats. Several threat actors have been actively targeting the telecom sector for more than 10 years, and they are growing considerably. These threat actors use a broad range of tactics, techniques and procedures—including phishing, social engineering and exploiting vulnerabilities in software and hardware—to breach telecom service providers’ networks and gain access to sensitive data such as call records, subscriber information and network configuration details.
Attacks often involve sophisticated malware and backdoors to gain persistent access to target networks, allowing the threat actors to carry out their operations undetected for extended periods. With advancements in telecom technology, security breaches are also increasing measurably as the methods and tactics of cyberattacks become more sophisticated. For example, in the 5G world, attackers may attempt to compromise one slice and then move laterally to other slices or the core network, potentially gaining access to sensitive information or disrupting critical services.
Since it can take days, weeks or even months to discover this type of compromise, security cannot be an afterthought for many providers.
The rise of IoT and cloud technologies in both residential and enterprise networks has contributed significantly to the expansion of botnets. DDoS bots are no longer limited to just home computers and routers — they now include remote monitoring and surveillance systems, digital video recorders, point-of-sale terminals, smart thermostats that control heating and cooling, devices used for remote data collection (e.g., water meters and parking meters) and even medical imaging systems in the healthcare industry. Even if 99% of enterprise IoT devices are secure, in a landscape of billions of connected devices, the remaining 1% that are vulnerable to compromise and exploitation represent a significant and growing threat.
Botnets are now the source of tens of thousands of DDoS attacks daily, and each can involve anywhere from several thousand to several million IP addresses. In the first quarter of 2023, 90% of complex, multi-vector DDoS attacks were based on botnets. These attacks can bring many telecom networks to a halt—and in doing so, disrupt communications services and infrastructure across an entire country. In geopolitical conflicts, DDoS attacks are aimed primarily at government sites, telecom networks and banks.
Today, almost everything is dependent on connectivity, so telecom networks, also referred to as mission-critical networks, need robust telco security, which is far more sophisticated and demanding than conventional IT security. The adoption of 5G has led to the unprecedented convergence of the IT and telecom worlds and a multitude of new technologies operating in the core of the telecom networks. This increases the potential for malicious actors to target the growing supply chain of vendors and subcontractors who now have access to sensitive information or critical systems, and to exploit these third-party relationships to gain entry into telecom networks.
To defend against these threats to 5G networks, telecom service providers must have a comprehensive and proactive security strategy in place. Given the dynamic and complex nature of 5G networks, real-time visibility into traffic and advanced threat detection and response are critical. To mitigate the risks posed by supply chain threats, service providers should conduct thorough due diligence on their suppliers and vendors and implement strict security controls for all third-party network access. This includes multi-factor authentication, role-based access control and privileged user monitoring. Performing vulnerability assessments and penetration testing on a regular basis can help identify and address potential security weaknesses in 5G networks.
Cyberthreat intelligence plays an important role in providing an in-depth understanding of potential threats to telecom networks, including malicious actors and their motivations. By staying informed of the latest attack trends, service providers will be better able to implement effective security strategies to protect their networks and their customers’ data.
Service providers should measure their telco cyber-risk index to identify any gaps or weaknesses in their technology, processes or policies. This also enables them to understand the current state of risks or threats that could leave the network vulnerable to cyberattacks. Additionally, using a cyberthreat intelligence framework that focuses on attack phases, tactical objectives and techniques used by adversaries can provide a comprehensive threat view and insight into how to respond appropriately.