Page 129 - SAMENA Trends - February-March 2021
In a few cases, telecom companies will act as intermediaries in the chain from supplier to subscriber, which opens even more vulnerabilities to the security of the architecture.

CYBERSECURITY THREATS IN TELECOMMUNICATIONS

With the addition of cloud computing, IoT, AI technology, and a growing number of connected devices, the perimeter of visibility is widening.

A key point when attempting to reduce overall risk is acknowledging the wide variety of possible threats to your telecom cybersecurity, which may include:
• DDoS (Distributed Denial of Service) Attacks: Cyber attackers intentionally overwhelm their target with a stream of Internet traffic to deplete their victim’s uptime and availability.
• Data Breaches: Telecom providers continue to struggle with these attacks as they are prime targets due to their valuable data and the breadth of their services.
• Internal Threats & Human Error: This type of risk is always present in a company, typically stemming from an employee who intentionally, or by mistake, compromises the security of the system, resulting in the loss or theft of data.
• Indirect Client Attacks: Telecom companies often have a large client base, due to which they are more at risk of attacks from cybercriminals that target their customers, such as identity theft, malware, and phishing attempts.

Communication networks need to be resilient, especially as the scope, variety, and complexity of current cybersecurity threats are increasing exponentially.

The growing volume of data transmissions, legacy technology, and signaling protocols, the increased role of cloud technologies and legacy DNS and DDoS attacks are among the most common “bullets” telcos need to dodge on a daily basis.

THE MAIN TYPES OF CYBER THREATS AND WAYS TO MITIGATE THEM

1) SS7 and Diameter Signalling Threats

A number of core telecommunication services are still powered by old protocols such as SS7 (Signalling System No. 7) or Diameter.

SS7 protocol, in particular, has become one of the central cyber threats to the banking industry since hackers can easily intercept 2FA authentication codes and drain users’ accounts.

Newer protocols such as SIP (Session Initiation Protocol) can also be extremely vulnerable to cyber threats without proper controls in place. For instance, in 2018 a group of attackers managed to stage a denial of service (DoS) attack on Cisco equipment by leveraging malformed SIP traffic.

According to a report by the European Union for Cybersecurity, most telecoms have implemented the basic security measures for SS7 attacks:

Cybersecurity Best Practices for SS7 and Diameter Protocols
• Exhaustive monitoring that covers all interconnect and outgoing traffic, as well as core network elements.
• Harden network nodes by implementing better firewall configuration rules.
• Conduct regular external network security assessments and penetration tests.
• Implement real-time anomaly detection systems to identify more advanced attacks and their precursors.

2) SIP Hacking

Session Initiation Protocol (SIP), used in most voice-over-IP (VoIP) communications, is another prime target for malicious parties. Without proper security measures, hackers can easily tap into encrypted calls, distribute SIP malware and otherwise tamper with the VoIP services you are provisioning.

Here’s a list of cybersecurity threats that were common:
• SIP trunk hacking
• SIP toll fraud
• Eavesdropping
• Caller ID spoofing
• DDoS attacks on PBX systems

Utility suppliers in the US faced a series of VoIP attacks last year. An attacker was initially targeting 1,500 unique gateways tied to some 600 businesses, but later focused on a single company and, using a command-injection technique over HTTP, injected a malicious web shell into the company’s server outgoing directory. Granted, the hack was discovered in time, before much damage had been done.

Best Practices for Protecting SIP Signalling
• Enforce strong encryption over your Transport Layer Security (TLS) and Real-Time Protocol (RTP) to protect all data transmissions.
• Implement anti-spoofing for SIP messages. Ensure that you have proper in-built mechanisms for challenging messages and authenticating SIP clients.
• Maintain strong Session Border Controller (SBC) controls that perform deep packet inspection of all SIP messages and prevent unauthorized SIP traffic.

3) DNS Attacks

DNS (Domain Name Security) attacks still remain a major sore point for telcos. What’s worse is that the cost of such attacks is increasing year-over-year. In 2017, one such attack cost a telecom company $622,100 on average.
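
The SIP controls listed under "Best Practices for Protecting SIP Signalling" (screening malformed messages at the edge, challenging and authenticating clients, anti-spoofing) can be seen working together in one request filter; this is an added example, not code from the article or from any SBC product. The users, realm, nonce, addresses and the `screen` and `sample` helpers are constructed for illustration, digest authentication follows RFC 2617 with MD5 as classic SIP does, and header folding and compact header names are not handled.

```python
import hashlib, hmac, re

MANDATORY = ("via", "from", "to", "call-id", "cseq", "max-forwards")  # RFC 3261, 8.1.1
USERS = {"alice": "constructed-secret"}                  # constructed credential store
REALM, NONCE = "sbc.example.test", "constructed-nonce"   # real nonces are random and expire

def digest(user, password, method, uri):
    h = lambda s: hashlib.md5(s.encode()).hexdigest()    # RFC 2617 digest, as used by SIP
    ha1, ha2 = h(f"{user}:{REALM}:{password}"), h(f"{method}:{uri}")
    return h(f"{ha1}:{NONCE}:{ha2}")

def parse(raw):
    """Return (method, uri, headers), or None when the request is malformed."""
    first, *rest = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    m = re.fullmatch(r"([A-Z]+) (sips?:\S+) SIP/2\.0", first)
    pairs = [line.partition(":") for line in rest]
    headers = {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}
    if not m or any(not p[1] for p in pairs) or any(k not in headers for k in MANDATORY):
        return None
    return m.group(1), m.group(2), headers

def screen(raw):
    """Status an edge filter would answer with: 200 (pass), 400, 401 or 403."""
    parsed = parse(raw)
    if parsed is None:
        return 400                                       # malformed: never reaches the PBX
    method, uri, hdr = parsed
    auth = dict(re.findall(r'(\w+)="([^"]*)"', hdr.get("authorization", "")))
    if not auth:
        return 401                                       # challenge: retry with credentials
    user, resp = auth.get("username", ""), auth.get("response", "")
    if user not in USERS or auth.get("realm") != REALM or auth.get("nonce") != NONCE:
        return 403
    if not hmac.compare_digest(digest(user, USERS[user], method, uri).encode(), resp.encode()):
        return 403                                       # response does not prove the secret
    claimed = re.search(r"sips?:([^@;>]+)@", hdr["from"])
    return 200 if claimed and claimed.group(1) == user else 403   # From must match the login

def sample(from_user, auth_user=None, password=""):
    """Build a constructed REGISTER request (not captured traffic)."""
    uri = "sip:sbc.example.test"
    msg = [f"REGISTER {uri} SIP/2.0", "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK1",
           "Max-Forwards: 70", f"From: <sip:{from_user}@example.test>;tag=1",
           f"To: <sip:{from_user}@example.test>", "Call-ID: constructed-1", "CSeq: 1 REGISTER"]
    if auth_user:
        resp = digest(auth_user, password, "REGISTER", uri)
        msg.append(f'Authorization: Digest username="{auth_user}", realm="{REALM}", '
                   f'nonce="{NONCE}", uri="{uri}", response="{resp}"')
    return "\r\n".join(msg) + "\r\n\r\n"
```

Calling `screen(sample("bob", "alice", "constructed-secret"))` shows the anti-spoofing case: the credentials are valid, but the From identity does not belong to the authenticated user, so the request is refused.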