IntSights, the threat intelligence company focused on enabling enterprises to Defend Forward, released a research report on its findings about the telecommunications industry's cyber threat landscape.
The recent incident involving enterprise content firewall provider Accellion has highlighted the importance of information security. Organizations that used Accellion as a third-party vendor, including a bank in New Zealand and a telecommunications provider in Singapore, were affected, with their customers’ data stolen in the breach. For the telecommunications industry in particular, such cyberattacks can have large repercussions beyond the industry itself because of the pervasive use of telecommunications services, and can affect other companies’ external internet traffic and customer relationships.
Personally identifiable information (PII) held by telecommunications companies is highly valuable. Once the information is obtained, criminals can use this PII for various fraudulent purposes, whereas government intelligence services can use it to support human intelligence operations or facilitate the collection of signals intelligence. In Asia, the report indicated that IntSights’ coverage of underground criminal forums found that a cybercriminal offered to sell network access to what was described as the largest telecommunications service provider in Asia for 5 bitcoins (equivalent to approximately USD 95,000 at that time) in late 2020. The report also analyses the evolving tactics that threat actors use to breach telecommunications companies, and the steps that can be taken to mitigate top risks in the industry.
Other key findings include:
Administrative and VPN access to telecommunications providers is available through sale on underground criminal forums or from insider threats. This has led to growth in SIM swapping attacks that gain unauthorized access to the networks of mobile service providers, enabling criminals to reroute SMS-based 2FA messages into the attackers' possession.
More strikingly, tutorials for SIM swapping attack techniques are readily available for sale on underground criminal forums.
State-sponsored attacks on telecommunications providers for cyber espionage, as phone and internet communications continue to be the most typical forms of signals intelligence.
The Iranian cyber espionage group Greenbug targeted South Asian telecommunications service providers in 2019 and 2020, and repeatedly used PowerShell commands to download and execute payloads to expand its access in the compromised network.
Telecommunications customer PII can be used by state-sponsored threat actors for a variety of intelligence purposes including technical monitoring of communications. Criminals also sell PII and employee data on underground forums for profit.