3 Most Common Cyber Threats Targeting the Telecommunications Industry
February 25th, 2021
Digital transformation has changed the way businesses and consumers alike operate. As the prevalence of, and dependence on, mobile devices and new communication technology continue to increase each year, the size of the target on telecommunications providers’ backs grows exponentially. Hackers and cybercriminals know this sector protects a bevy of sensitive data and security protocols for other industries that use their technology.
IntSights researchers investigated cyber threat activity pertinent to the telecom industry using our platform and manual threat hunting techniques. We found that the cyber threat landscape in this industry is growing in scope, sophistication, and volume. You can read our full findings by downloading the research report here. For three of the most common threats that target telecom organizations, keep reading.
1. SIM Swapping Attacks
SIM swapping attacks are the most important use case for unauthorized access to the networks of mobile service providers. They enable criminals to circumvent the SMS-based two-factor authentication (2FA) protocols that protect sensitive accounts, such as online banking accounts, by rerouting the SMS messages that carry victims' 2FA codes to SIM cards in the attackers' possession. The attackers can then use those codes to gain unauthorized access to online banking or other accounts in order to conduct fraudulent transactions, or for other malicious purposes.
SIM swapping attacks are lucrative enough that some criminals have established dedicated SIM swapping businesses that charge other criminals for their services. Tutorials for SIM swapping attack techniques are readily available on cybercriminal forums.
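Because the attack works by moving SMS delivery to a new SIM, a service that relies on SMS-based 2FA can decline to send a code to a number whose SIM changed recently. The sketch below is an added example, not code from IntSights or its report. It assumes a carrier SIM-change lookup is available, and the event format, the 72-hour window, the phone numbers and the function name are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: how long after a SIM change SMS codes are not trusted.
COOLING_OFF = timedelta(hours=72)

# Constructed sample events (not real data). "sim_change" records stand in
# for the result of a carrier SIM-change lookup, assumed to be available.
EVENTS = [
    ("2021-02-01T09:00:00", "sim_change", "+15550100"),
    ("2021-02-20T14:05:00", "otp_request", "+15550100"),
    ("2021-02-22T03:10:00", "sim_change", "+15550111"),
    ("2021-02-22T03:25:00", "otp_request", "+15550111"),
    ("2021-02-22T08:00:00", "otp_request", "+15550122"),
]


def review_otp_requests(events, cooling_off=COOLING_OFF):
    """Return (timestamp, msisdn, decision) for every otp_request event.

    decision is "send_sms" when SMS delivery is acceptable, or "step_up"
    when the number's SIM changed inside the cooling-off window and the
    user should be asked for a factor that is not tied to the SIM.
    """
    last_change = {}  # msisdn -> datetime of the most recent SIM change
    decisions = []
    # ISO 8601 timestamps in one format sort chronologically as strings.
    for ts, kind, msisdn in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "sim_change":
            last_change[msisdn] = when
        elif kind == "otp_request":
            changed = last_change.get(msisdn)
            if changed is not None and when - changed < cooling_off:
                # The code would be delivered to a freshly swapped SIM.
                decision = "step_up"
            else:
                decision = "send_sms"
            decisions.append((ts, msisdn, decision))
    return decisions


if __name__ == "__main__":
    for row in review_otp_requests(EVENTS):
        print(*row)
```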
2. Leaked and Stolen Customer PII
Telecommunications subscriber records are one of many sources of consumer personally identifiable information (PII) that criminals can use for identity theft, other forms of fraud, or social engineering attacks. For example, telecommunications providers may collect PII data points, such as dates of birth and US Social Security numbers (or regional equivalent), that criminals can use to apply for fraudulent lines of credit in victims' names.
The combination of customer contact information with other personal details can also facilitate social engineering attacks on customers. The attackers can contact victims at their now-exposed phone numbers or email addresses and use those other PII details to give themselves credibility as fake customer service representatives.
Telecommunications customer PII is also useful to state-sponsored threat actors for a variety of intelligence purposes. They can use it to identify the phone numbers and email addresses of persons of interest. They can then do any of the following:
- Collect signals intelligence (SIGINT) by targeting those phone numbers and email addresses for technical monitoring of their communications
- Target victims at those phone numbers or email addresses in social engineering attacks to install malware on their phones or computers
- Contact targets directly for potential development or recruitment as HUMINT sources
Government intelligence agencies can also ingest bulk PII into searchable databases for future queries for a variety of purposes, such as background checks, screenings of visa applicants and foreign travelers, and the identification of prospective targets for development and recruitment as HUMINT sources.
3. SIGINT and State-Sponsored Cyber Espionage
SIGINT is one of the primary forms of intelligence that government intelligence services collect in order to inform political, military, economic, and other decision-making processes in their governments, and otherwise uphold and defend their countries' interests. The state-sponsored actors that have been most active in targeting telecommunications service providers are also the most active state sponsors of cyber espionage in general, such as Russia, China, and Iran.
Digital copies of phone and internet communications are the most common and typical forms of SIGINT. Breaches of telecommunications service providers are one of several ways for intelligence services to collect this SIGINT. In such incidents, state-sponsored threat actors breach telecommunications provider networks and move laterally until they have unauthorized access to infrastructure that enables them to record voice calls, collect copies of SMS, or gather PCAPs of customer network traffic.
How Cyber Threat Intelligence Enables Telecom Organizations to Defend Proactively
Security teams at telecom companies are faced with a daunting task: stop a never-ending onslaught of ever-evolving and increasingly sophisticated cyberattacks from successfully infiltrating their networks and wreaking havoc. Cyber Threat Intelligence (CTI) solutions can provide tailored cyber threat alerts specific to your organization and equip your team with the tools it needs to effectively thwart emerging threats as they develop.
To learn more about the cyber threat landscape for the telecommunications industry, download our report.
Paul Prudhomme is a Cyber Threat Intelligence Advisor at IntSights. He previously served as a leader of the cyber threat intelligence subscription service at Deloitte and as an individual contributor to that of iDefense. Paul previously covered cyber issues as a contractor in the US Intelligence Community. Paul specializes in the coverage of state-sponsored cyber threats, particularly those from Iran. Paul originally served as a linguist and cultural advisor and speaks multiple languages, including Arabic. He has a Master’s degree in History from Georgetown University. Paul is also a certified scuba diver and an award-winning amateur underwater photographer.