The telecom sector is the backbone of a functional society. A cyberattack on telecommunication systems can impair communication with emergency services, resulting in delayed response time. This is one of the many fatal scenarios that explain the potential security risks against the telecom sector.

Given the wide usage of telecom infrastructure and applications across multiple organizations, the telecom sector has become a potential target of cyberattacks. Highlighting the state of threat, McAfee reported that telecom was among the top two targeted sectors by ransomware in the second quarter of 2021. However, that’s not all!

New APT groups ripping apart telecom sector

  • A new China-linked LightBasin threat actor group emerged as a new threat for telecommunication companies as researchers dug out a string of attacks designed to gather valuable information.
  • CrowdStrike researchers found that the notorious gang has breached at least 13 telecommunication companies across the world since 2019.
  • The initial compromise is facilitated with the help of password-spraying attacks that ultimately leads to the deployment of SLAPSTICK malware. 
  • Besides, a previously unseen APT group dubbed Harvester has also been observed mounting a custom backdoor called Graphon in an ongoing campaign against telecom companies. 
  • Active since June, the group uses the malware to gather screenshots and download other malware. Currently, the group is mainly targeting companies across South Asia. 

Telecom in DDoS crosshairs

  • Since the start of the pandemic, the world became increasingly reliant on connectivity and web services as more people joined the remote working model. Unfortunately, this opened up new opportunities for DDoS attackers.
  • During the first half of 2021, wired telecommunication carriers were among the most affected industries, with some of them recorded at 1.5Tbps.
  • VoIP companies were also recently targeted in a series of DDoS attacks that disrupted their infrastructure and services. One of the prominent victims included the Raleigh-based VoIP provider Bandwidth.  

A newfound attack adds more pressure

  • Security researchers also uncovered a new type of DDoS amplification attack that can pose a threat to Communication Service Provider (CSP) networks.  
  • Called Black Storm, the attack method is capable of disrupting DNS servers or other similar open services to interrupt connectivity. 
  • Researchers cautioned that the volume from one Black Storm attack has the capacity to terminate services of medium to large-sized enterprises and severely cripple a large-scale CSP network.

The bottom line 

Telecom carriers are a gateway into multiple businesses and hence, can be a lucrative target for attackers, along with their third-party providers and subscribers. Moreover, the recent introduction of 5G connectivity into telecommunications is likely to add more new threats associated with DDoS attacks. Therefore, network carriers must understand the risks and bolster the IT infrastructure security to mitigate such threats.

Cyware Publisher