By using this web site you accept our use of cookies. More information about cookies
Infopulse - Expert Software Engineering, Infrastructure Management Services
By using this web site you accept our use of cookies. More information about cookies
Infopulse - Expert Software Engineering, Infrastructure Management Services
Infopulse - Expert Software Engineering, Infrastructure Management Services

    Send message Please fill in this quick form and we will send you a free quote shortly.
    * Required fields
    Your privacy is important to us. We will never share your data.

      Subscribe to our updates Be among the first to get exclusive content on IT insights, innovations, and best practices.
      * Required fields
      Your privacy is important to us. We will never share your data.

        Subscribe to our New career opportunities Please fill in this quick form to be among the first to receive our updates.
        * Required fields
        Your privacy is important to us. We will never share your data.
        * Required fields
        Your privacy is important to us. We will never share your data.

          Subscribe to our updates Be among the first to get exclusive content on IT insights, innovations, and best practices.
          * Required fields
          Your privacy is important to us. We will never share your data.

            Photo of Alla Oliinyk Send an email to Alla Oliinyk Please fill in this quick form to contact our expert directly.
            * Required fields
            Your privacy is important to us. We will never share your data.

              Download ebook Please fill in this quick form
              * Required fields
              Your privacy is important to us. We will never share your data.

                Read the Full Case Study Don't miss the most interesting part of the story!
                Submit this quick form to see the rest and to freely access all case studies on our website.
                * Required fields
                Your privacy is important to us. We will never share your data.
                Infopulse - Expert Software Engineering, Infrastructure Management Services

                Security in Telecom: 5 Current Cyber Threats and Solutions

                Reading time: 8 minutes

                Communication networks need to be resilient. Especially, as the scope, variety, and complexity of current cybersecurity threats are increasing exponentially. The growing volume of data transmissions, legacy technology, and signaling protocols, the increased role of cloud technologies and “old-fashioned” DNS and DDoS attacks are among the most common “bullets” telcos need to dodge on a daily basis. Let’s take a closer look at the key of them.

                The Main Types of Cyber Threats and Ways to Mitigate Them

                SS7 and Diameter Signalling Threats

                A number of core telecommunication services are still powered by flawed protocols such as  (Signalling System No. 7) or  . SS7 protocol, in particular, has become one of the central cyber threats to the banking industry since hackers can easily   codes and drain users’ accounts.

                Newer protocols such as   (Session Initiation Protocol) can also be extremely vulnerable to cyber threats without proper controls in place. For instance, in 2018 a   managed to stage a denial of service (DoS) attack on Cisco equipment through leveraging malformed SIP traffic.

                However, implementing better signaling controls is proving to be a challenge for most telecoms due to the following:

                • Overall complexity
                • Privacy concerns
                • Global title leasing
                • Supply chain issues
                • Network misconfigurations
                • Traffic integrity

                Granted, according to a  , most telecoms have implemented the basic security measures for SS7 attacks:

                Basic security measures for SS7 attacks - 1

                Cybersecurity Best Practices For SS7 and Diameter Protocols

                • Exhaustive monitoring that covers all interconnect and outgoing traffic, as well as core network elements.
                • Harden network nodes by implementing better firewall configuration rules.
                • Conduct regular external network security assessments and penetration tests.
                • Implement real-time anomaly detection systems to identify more advanced attacks and their prequels.

                Also, keep an eye on updates from the   (FASG) work group organized by GSMA that is working on new end-to-end interconnect telecom security solutions for LTE and 5G networks.

                SIP Hacking

                Session Initiation Protocol (SIP), used in most voice-over-IP (VoIP) communications, is another prime target for malicious parties. Without proper telecom security system, hackers can easily tap into encrypter calls, distribute SIP malware and otherwise tamper with the VoIP services you are provisioning.

                Here’s a list of cybersecurity threats that were common in 2019:

                • SIP trunk hacking
                • SIP toll fraud
                • Eavesdropping
                • Caller ID spoofing
                • DDoS attacks on PBX systems

                Utility suppliers in the US faced a   last year. An attacker was initially targeting 1,500 unique gateways tied to some 600 businesses, but later focused on a single company and, using a command-injection technique over HTTP, injected a malicious web shell into the company’s server outgoing directory. Granted, the hack was discovered in time before much damage had been done.

                Best Practices for Protecting SIP Signalling

                • Enforce strong encryption over your Transport Layer Security (TLS) and Real-Time Protocol (RTP) to protect all data transmissions.
                • Implement anti-spoofing for SIP messages. Ensure that you have proper in-built mechanisms for challenging messages and authenticating SIP clients.
                • Maintain strong Session Border Controller (SBC) controls that perform deep packet inspection of all SIP messages and prevent unauthorized SIP traffic.

                DNS Attacks

                DNS (Domain Name Security) attacks still remain a major sore point for telcos. What’s worse, the cost of such attacks is increasing year-over-year. As per  , around 79% of the organizations faced DNS attacks in 2020. On average, the cost of a security incident was 924,000 USD. However, these stats are slightly better than a year before:   indicates that 82% of companies experienced DNS attacks that amounted to 1.1 million USD on average.

                  became the most favored industries by attackers: averaged 11.4 attacks, with 8% incurring losses more than 5 million USD per attack. What this data is telling us is that most telecoms are completely unprepared for the latest cyber threats from this group. So, let’s brush up on the key security measures.

                DNS Attack Prevention Best Practices

                • Switch from a reactive to a proactive approach to cybersecurity. Start applying adaptive countermeasures.
                • Implement real-time analytics for DNS transactions and gradually build up a behavioral threat detection suite, capable of detecting both known and emerging cyber threats and protect against data theft/leaks.
                • Enhance your firewalls with ML-driven response policies on traffic to suspicious hostnames.
                • Implement query monitoring and logging for all suspicious endpoints.

                DDoS Attacks

                Telcos are the prime target for DDoS attacks. As much as   of the global DDoS attacks in 2018 were aimed at communication services providers and the figure still remained high in 2020. Another   reveals that the following DDoS attacks are on the rise too:

                • from February to September 2020, DDoS grew by half and was on average 98% higher than it was during the same period a year earlier. Furthermore, around 50 million DDoS attacks happened globally within a 12-month period.
                • high-volume 50 Gpbs + attacks became a pressing issue for businesses lacking adequate protection.
                • 59% of the total number of attacks were multi-vector incidents, which organizations are too weak to fight against.
                • the most long-lasting DDoS attack was 5,698 minutes. This equals to 4 days of non-stop attacking. Notably, the key issue with DDoS incidents for the telecom sector is a ripple effect an attack of such magnitude can cause.

                How Telcos Can Protect Against DDoS Attacks

                • Set up robust Access control lists (ACL) – your first line of defense. Note, however, that ACL has a scaling issue. A rapid increase of temporary ACLs, built to resist a large-scale attack, can have a major performance impact on different router hardware and software, making the overall management rather challenging. Thus, it’s best to write several scripts for automatic router configuration and ACL management.
                • Implement black hole scrubbing – a variation of the block hole filtering technique. In this case, the traffic is redirected to a different physical interface – a scrubbing center – that can weed out the good traffic from the malicious one. A number of software vendors offer such solutions.
                • Real-time DDoS monitoring is a must. The best-of-breed tools are now powered with machine learning functionality, meaning their detection accuracy progressively increases over time.

                IoT Network Security

                In 2021,   estimates that some 25 billion IoT devices will be connected to telecom networks. Accommodating such an increased volume of data is just one part of the challenge for telecom security though. Preventing unauthorized access, securing data transmissions and ensuring smooth monitoring of a much larger attack surface are the key security challenges for telcos.

                Despite low adoption, IoT devices have already proven to present both internal and external threats to cybersecurity. First of all, the device itself can be exposed to various cyber threats and vulnerabilities due to manufacturing issues that might hinder a telecom security system. Secondly, misconfiguration and lack of proper security measures make an IoT device an easy entry-point to the entire network of devices, or worse – the supporting architecture. In short, most attackers will have an easier way of finding a leeway as the surface of attack increases.

                Some of the common types of cybersecurity threats happening at network level are as follows:

                • Network congestion
                • RFIDs interference and spoofing
                • Node jamming in WSN
                • Eavesdropping attacks
                • Sybil attacks
                • DDoS attacks
                • Routing attacks

                Offering solid protection against these is a joint responsibility between network operators and IoT users.

                ebook: Innovative Security Approaches to Enable Digital Business Transformation

                IoT Cybersecurity Best Practices

                GSMA has already developed a comprehensive   for telcos, along with several supporting documents with security guidelines. Below are some of the key best practices the association proposes against common cybersecurity threats:

                • Network operators should use UICC based mechanisms for the secure identification of IoT devices. You can also provide single sign-on services for devices but mind the security trade-offs.
                • Enable secure authentication for all devices, networks and service platforms associated with an IoT Service.
                • Offer data encryption services to IoT service providers to ensure high communication integrity and increase network resilience.
                • Deploy private networks to support various IoT networks. These can be developed using Layer Two Tunnelling Protocol (L2TP) and secured with Internet Protocol Security (IPsec) as illustrated below:

                Basic security measures for SS7 attacks - 1

                To Conclude

                Telecom players have both an exciting and complex time ahead. On the one hand, the industry is undergoing major transformations, resulting in new revenue opportunities and value streams. On the other hand, an increased presence of new assets (such as IoT devices) and increased pressure on the old communication protocols enlarges the defense perimeter every telco needs to create.

                Ultimately, to have strong and reliable telecom security mechanisms, you will need to switch from reactive security to proactive – one that relies on extensive monitoring and has predictive capabilities, powered by advanced analytics and AI. Conduct proper risk assessments for current systems, decentralize and automate the core security requirements with appropriate tools and run even deeper assessments for emerging technologies such as IoT, 5G, and NFV among others.

                Having strong telecom expertise, Infopulse also provides a comprehensive scope of enterprise IT security services ranging from preliminary security assessments to comprehensive Security Operations Center (SOC) as a service. on strengthening your network resilience and future-proofing your operations against emerging threats!


                About the Author

                Photo of Alla Oliinyk

                Alla Oliinyk

                Engagement Manager, Telecom Practice

                Alla Oliinyk is an established expert with 9+ years of experience in the telecom industry and wholesale voice/SMS traffic exchange. She has broad expertise in managing cross-functional teams responsible for various telecom operations activities. Alla participated in numerous successful projects, including a decade-lasting collaboration with BICS, receiving both personal and team awards for managing client relations with the most demanding customers and outstanding contribution to the company's development.

                Originally published   April 07, 2020 Updated   May 13, 2021