

Cybersecurity in telecoms – now needed more than ever




It comes as no surprise that the telecoms industry ranks among the worst at handling and fighting cybersecurity threats.

Although telcos have made immense leaps in protecting their networks and customers, the weak link resides among their employees and executives, who poorly manage their passwords and access to their data.

Almost 43 percent of telecom companies suffered from DNS-based malware in 2019 alone, and a staggering 81 percent of these companies were sluggish with their response, waiting three days to apply critical patches to remove the breach, according to a report by US-based cybersecurity firm EfficientIP.

These attacks are costing organizations a lot of time and money, mainly due to their slow approach to handling data breaches, which requires an average of three employees to collectively spend over 17 hours per attack.

“Last year, a single DNS attack cost a telco organization $622,100. This year, the research shows telcos lose an average of $886,560 from each DNS attack, an increase of 42 percent in just 12 months,” the report highlighted.

This is exactly why network operators are considered fertile ground for hackers far and wide, as each attack costs almost $600,000 on average to remediate.

In parallel, the target placed on a telco’s head attracts the most complex and sophisticated cyberattacks since they hold sensitive data for their thousands and even millions of customers.

“With a large part of their customer base operating online, strong network security has become a business necessity for the entire telco sector in general. Ensuring consistency and reliability in service is a crucial step towards providing elevated customer satisfaction,” the EfficientIP report highlighted.

This damage not only hits an organization’s pocket, but also its reputation among customer bases. According to the report:

  • 45 percent had to close down specific affected processes and connections.
  • 38 percent suffered cloud service downtime.
  • 33 percent reported a compromised website.
  • 31 percent endured in-house application downtime.
  • 30 percent reported sensitive customer information stolen.

On the darker side of the spectrum, cybercriminals are targeting telecoms employees through blackmail and by recruiting insiders within the company to leak information.

“Cybercriminals often use insiders as part of their malicious ‘toolset’, to help them breach the perimeter of a telecommunications company and perpetrate their crimes,” a report by Kaspersky highlighted.

According to the report, hackers rally disaffected employees through underground channels, or blackmail staff using compromising information that they’ve gathered from open sources: a classic Trojan horse behind enemy lines.

Almost 28 percent of all cyberattacks, and 38 percent of targeted attacks (state-sponsored, or competitive) involve malicious activity by insiders.

“The human factor is often the weakest link in corporate IT security. Technology alone is rarely enough to completely protect the organization in a world where attackers don’t hesitate to exploit insider vulnerabilities,” the intelligence report stated.

If it is an attack on a cellular service provider, criminals will seek out employees who can provide fast track access to subscriber and company data or SIM card duplication/illegal reissuing. If the target is an Internet Service Provider, the attackers will try to identify those who can enable network mapping and man-in-the-middle attacks.

According to numbers by SpyCloud, a US-based cybersecurity firm, 74 percent of employees, including C-level executives, working for Fortune 1000 telecom companies are reusing passwords across multiple work and personal accounts. Some of those sites will eventually be breached if they haven’t already.

These weak links can be identified by the human tendency to reuse the same passwords for multiple platforms and accounts, which when compromised, allows hackers to effectively implement a domino effect on that person’s whole online presence.

This is backed by research done by Verizon, which placed compromising or weak passwords as the number 1 method of account takeovers (ATO).

These attacks also take the form of a method called credential stuffing, where hackers flood a company’s servers using bots to try and steal credentials across a high volume of accounts in a short amount of time.

“Credential stuffing attacks may come years after a site is breached. Stolen credentials are typically kept within a tight circle of criminals for the first 18-24 months after the breach, to be extensively monetized with more sophisticated targeted attacks before being sold in combo lists on the dark web,” the report from SpyCloud highlighted.
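The pattern described above, one source trying many different accounts in a short time, is what separates credential stuffing from a single user mistyping a password. The following is an added example, not taken from the reports cited here; the log format, IP addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2021-11-01T09:00:00 198.51.100.20 bob FAIL
2021-11-01T09:00:02 203.0.113.7 alice FAIL
2021-11-01T09:00:03 203.0.113.7 carol FAIL
2021-11-01T09:00:05 198.51.100.20 bob FAIL
2021-11-01T09:00:06 203.0.113.7 dave FAIL
2021-11-01T09:00:08 203.0.113.7 erin OK
2021-11-01T09:00:09 203.0.113.7 frank FAIL
2021-11-01T09:00:11 198.51.100.20 bob OK
2021-11-01T09:00:12 203.0.113.7 grace FAIL
2021-11-01T09:00:14 203.0.113.7 heidi FAIL
"""

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def find_stuffing_sources(lines, window=timedelta(seconds=60), min_accounts=5):
    """Map each source IP to the most distinct accounts it failed to log in to
    inside any sliding window, keeping only sources at or above min_accounts.
    Assumes lines are in time order."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) of recent failures
    flagged = {}
    for line in filter(str.strip, lines):
        ts, ip, user, result = parse(line)
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= min_accounts:
            flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

def accounts_to_reset(lines, flagged):
    """Accounts that logged in successfully from a flagged source: the reused
    password worked, so these need a forced reset and session revocation."""
    hits = {user for ts, ip, user, result in map(parse, filter(str.strip, lines))
            if result == "OK" and ip in flagged}
    return sorted(hits)

if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    sources = find_stuffing_sources(log)
    print(sources, accounts_to_reset(log, sources))
```

Counting distinct accounts rather than raw failures keeps the forgetful user (bob, three attempts on one account) out of the alert while still catching the bot.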

There are numerous ways employees can defend themselves against a plethora of attacks, which should be encouraged by organizations to create a cybersecurity culture within the ranks.

Don’t click on suspicious links

We’re all used to seeing spam emails, messages and ads online. While they might look harmless, they can hold many sinister implications beneath.

Emails such as these usually appear as a form of claiming a prize from a competition that you haven’t even signed up for; if you have any shred of doubt about it, then just stay away from it, since it might contain malware that could wreak all kinds of havoc on your computer.

Listen to your PC updates

Our computers never fail in nagging us to install that latest update, which is why you need to fight the urge of clicking on that “postpone” button and do it right away. Always keep in mind that the majority of these updates are security related, and remember that the infamous WannaCry malware spread due to devices not being patched.

Avoid the 1-password-for-all tendency

Many people have a tendency to reuse the same password on all their platforms and accounts to eliminate the need of memorizing dozens of passwords. This approach should be avoided. If criminals figure out your password, your other accounts will fall under threat.

There are a number of security apps and software that let you keep your passwords in one place, away from the cloud, and that typically use password generators for each platform to keep passwords changing on a regular basis.

Two-factor verification

Two-factor verification, also known as 2FA, simply adds another layer of security to your accounts. The most popular approach is receiving a text message on your phone with a code that you need to enter. This makes it harder for hackers since you’ve essentially removed one integral piece of the puzzle.

Mindful of public Wi-Fi

Many shops, bars, malls, restaurants and the like offer free Wi-Fi, which is more often than not considered prime hunting ground for data. Thus, one should be wary of what they connect to while on that network.

Unsecured Wi-Fi networks could lead to the theft of your private data or devices being hacked.

The underrated power of VPN

A Virtual Private Network, commonly known as a VPN, can be used in a plethora of ways to keep yourself away from the threats that surface online: to access your home network remotely, to limit your ISP from seeing what you are doing, or to browse safely on public Wi-Fi.

As with many other services, there are a number of VPN services tailored to specific needs, so do your research, pick the one that suits your behavior online and start using it religiously.

Backups and encryptions

How many times has an electronic device failed you and made you wish that you had backed up the data? That is why it is a necessity to back up your sensitive data and anything you have been working on recently; if something does happen, you can continue unhindered by the unfortunate loss of your device.

And the same applies for encryption.

While many people underestimate the importance of encryption, it is exactly here where hackers will look to exploit that weakness. So, get into the habit of encrypting anything you deem as sensitive data.

While all of these are being done on an individual level, it is up to organizations to increase awareness as well as encourage employees to remain careful and cautious about their online behavior, which will help foster a cybersecurity culture for all.

Yehia is an investigative journalist and editor with extensive experience in the news industry as well as digital content creation across the board. He strives to bring the human element to his writing.


Panasonic confirms cyber breach to its access data



Japanese manufacturing titan Panasonic confirmed Friday that its network was infiltrated on November 11 in a cyberattack directed at its access data, with entry gained via a third party.

In its statement, the company revealed that “some data on a file server had been accessed during the intrusion.”

This marks the only information publicized by the tech manufacturing giant. However, homegrown publications Mainichi and NHK alleged the breach was initiated June 22 and terminated November 23.

“After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network,” Panasonic said in its statement.

“In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/ or sensitive information related to social infrastructure,” it added.

In parallel, NHK disclosed that the breached servers contained data about Panasonic business partners and the manufacturer’s own technology, adding that a previous cyberattack directed at a subsidiary also obtained personal business data.

Panasonic also stated that aside from directing its own probe into the matter, the company is also seeking experts’ assistance by working with a third-party establishment to examine all aspects of the cyberattack. This will help the entity identify whether the infiltration was directed towards clients’ personal data.

“We cannot predict whether it will affect our business or business performance, but we cannot deny the possibility of a serious incident,” the Japanese titan told one of the publications on Friday.

Earlier in March, Panasonic joined forces with cyber security company McAfee to institute a cybersecurity operations center (SOC) to address the rising risks of these attacks on its infrastructure. The pact will prioritize and strictly focus on detection and response.



Apple suing Israeli hacker-for-hire company NSO Group



Tech giant Apple announced Tuesday it is suing Israel’s NSO Group, seeking to block the world’s most infamous hacker-for-hire company from breaking into Apple’s products, like the iPhone.

Apple said in a complaint filed in federal court in California that NSO Group employees are “amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” Apple said NSO Group’s spyware, called Pegasus, had been used to attack a small number of Apple customers worldwide.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering.

NSO Group has broadly denied wrongdoing and said its products have been used by governments to save lives.

“Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,” the company said in a statement.

It’s the latest blow to the hacking firm, which was recently blacklisted by the U.S. Commerce Department and is currently being sued by social media giant Facebook.

Security researchers have found Pegasus being used around the world to break into the phones of human rights activists, journalists and even members of the Catholic clergy.

Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously controls the smartphone’s microphones and cameras. Researchers have found several examples of NSO Group tools using so-called “zero click” exploits that infect targeted mobile phones without any user interaction.

The Biden administration announced this month that NSO Group and another Israeli cybersecurity firm called Candiru were being added to the “entity list,” which limits their access to U.S. components and technology by requiring government permission for exports.

Also this month, security researchers disclosed that Pegasus spyware was detected on the cellphones of six Palestinian human rights activists. And Mexican prosecutors recently announced they have arrested a businessman on charges he used the Pegasus spyware to spy on a journalist.

Facebook has sued NSO Group over the use of a somewhat similar exploit that allegedly intruded via its globally popular encrypted WhatsApp messaging app. A U.S. federal appeals court issued a ruling this month rejecting an effort by NSO Group to have the lawsuit thrown out.

Apple also announced Tuesday that it was donating $10 million, as well as any damages won in the NSO Group lawsuit, to cybersurveillance researchers and advocates.




Thousands of Phone Numbers Compromised During Robinhood Hack



Popular investment and trading platform Robinhood stated that “limited information” had been stolen during a cyber-attack targeting the company last week but highlighted that among them were thousands of personal phone numbers.

Robinhood said on Tuesday that the list obtained by the hackers, which contained email addresses for about five million people and full names for a different group of roughly two million people, included “several thousand entries” with phone numbers.

While the company failed to reveal how many phone numbers were on the list, Motherboard reported that it’s about 4,400.

Motherboard got a copy of the stolen phone numbers “from a source who presented themselves as a proxy for the hackers.” In a statement, Robinhood did not confirm whether the phone numbers Motherboard had obtained were authentic, but did acknowledge that the stolen information included thousands of phone numbers.

However, the blog added: “We continue to believe that the list did not contain Social Security numbers, bank account numbers, or debit card numbers and that there has been no financial loss to any customers as a result of the incident. We’ll continue making appropriate disclosures to affected people.”

The company added: “After we contained the intrusion, the unauthorized party demanded an extortion payment. We promptly informed law enforcement and are continuing to investigate the incident with the help of Mandiant, a leading outside security firm.”

On his side, Robinhood Chief Security Officer Caleb Sima said, “As a Safety-First company, we owe it to our customers to be transparent and act with integrity.”

“Following a diligent review, putting the entire Robinhood community on notice of this incident now is the right thing to do,” he noted.
