Sectrio

Telecom

How Chinese hackers managed to breach global telcos 09 06 2022

How Chinese hackers managed to breach major telcos and lessons from the episode

Chinese threat actors managed to break into multiple telecommunications giants across the world in a campaign lasting over two years, according to reports. The hacker groups behind the episode exploited various vulnerabilities to target critical telecom infrastructure. Through phased attacks, the actors first compromised devices and then used those devices to gain access to network traffic belonging to the telcos' customers.

The hackers specifically targeted networking devices, including routers and switches, belonging to at least 3 different OEMs. Over two years the devices were repeatedly used to sniff network traffic and even to train other hacker groups on conducting reconnaissance and on the stealth tactics needed to keep the breach hidden for as long as possible. This is probably the first time we have come across a breach used by Chinese APT groups to train future hackers.

The fact that the hackers used publicly known and published vulnerabilities, including flaws that go back to the first half of the last decade, is indeed worrying. Some of these vulnerabilities allowed the hackers to evade authentication, take complete control of a device, gain unhindered access to networks, and execute code of their choosing on the device.

So why were the Chinese hackers successful? Beyond skills, they had help from infrastructure management practices that have persisted for decades. Addressing vulnerabilities and flaws should be an ongoing endeavor conducted with diligence and discipline. In practice this does not happen: flaws are allowed to persist (sometimes willingly) years after they are revealed and their existence is common knowledge.

Without addressing the known flaws, it becomes even harder to deal with Zero Day attacks, as in some cases security teams are simply not equipped to even look for them. With limited people, resources, budgets, and skills, flaws remain and continue to pose a threat to infrastructure until regulators step in and force businesses to act.

In this case, the hackers used open-source scanning tools such as RouterSploit and RouterScan to study and surveil target networks. They were able to gather data on the models, versions, patch status, and vulnerabilities of networking gear. Using this knowledge, they exploited the unpatched vulnerabilities to access connected networks and moved on to authentication servers, where they stole user and access credentials while reconfiguring equipment and exfiltrating data by copying it to their own machines.

This window of opportunity was fully leveraged by the hackers: they kept returning to the victim's network multiple times while keeping an eye out for any attempts to discover them. They also covered their tracks by removing digital traces of their activities, including logs. In addition to spying, the hacking team used the victim's networks to train hackers on breach and post-breach practices.

While telecom firms are high on the list of targets for state-sponsored hackers, other businesses could also be targeted by APT groups for various reasons. Many APT actors are now trying to monetize their activities and have diversified the businesses they target across the globe. So how can businesses secure themselves?

- Published vulnerabilities must be tracked to closure in a disciplined manner with clear SLAs
- Build the capability and tool-set to detect Zero Days through anomalies and other means
- In addition to multi-factor authentication, ensure that all user credentials and privileges are modified regularly. This step alone could save a lot of bother later
- Improve threat hunting by getting access to the right cyber threat intelligence feeds (Get the comprehensive guide to selecting the right cyber threat intelligence feeds)
- Build a culture of cybersecurity across functions
- Conduct audits on a scheduled basis
- Tabletop exercises should be conducted frequently to test the readiness and quality of first response (Get Sectrio's FREE Table Top Exercise Manual)
- Incentivize the detection and reporting of threats

Try our threat intelligence feeds for free for 15 days to see what your threat hunting program is missing: Sign up for FREE threat intelligence feeds

Sectrio is securing some of the most complex IoT and OT deployments across geographies today. Our security analysts can evaluate your infrastructure to assess your risk exposure and potential sources of cyberattacks, and identify surfaces that could be targeted by hackers through specific and diversified breach tactics. Learn more about our threat assessment methodology here: OT and IoT Threat Assessment

Book a demo now to see our IT, OT and IoT security solution in action: Request a Demo
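The first recommendation above, tracking published vulnerabilities to closure against an SLA, is the one that directly addresses how this breach happened: decade-old public advisories left open on routers and switches. The script below is an added example of what that tracking looks like in code; it is not Sectrio's code or anything from the reports the post draws on. The device inventory, the advisory list, the severity-to-SLA table and the reference date are all constructed sample data, and the advisory identifiers are placeholders rather than real CVE numbers. It matches each device's firmware version against each advisory's first fixed release, measures how long each open finding has been public, and reports the ones that have blown their SLA, most overdue first.

```python
"""Track published network-device vulnerabilities to closure against an SLA.

Added example for the recommendations above; this is not Sectrio's code.
The device inventory, advisories and SLA table are constructed sample data,
and the advisory identifiers are placeholders, not real CVE numbers.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Device:
    hostname: str
    vendor: str
    model: str
    firmware: str        # installed firmware version, dotted numeric


@dataclass(frozen=True)
class Advisory:
    advisory_id: str     # placeholder id; a real program would carry the CVE
    vendor: str
    model: str
    fixed_in: str        # first firmware version that carries the fix
    published: date      # public disclosure date: the SLA clock starts here
    severity: str        # "critical", "high", "medium" or "low"


# Remediation SLA in days from public disclosure, by severity (constructed).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def version_tuple(version: str) -> tuple:
    """Parse a dotted numeric version so that '4.10' sorts above '4.9'."""
    return tuple(int(part) for part in version.split("."))


def is_affected(device: Device, adv: Advisory) -> bool:
    """A device is affected when it matches the advisory's vendor/model and
    runs firmware older than the first fixed release."""
    return (device.vendor == adv.vendor
            and device.model == adv.model
            and version_tuple(device.firmware) < version_tuple(adv.fixed_in))


def open_findings(devices, advisories, today: date) -> list:
    """Return every still-open (device, advisory) pair with its SLA status,
    most overdue first."""
    findings = []
    for device in devices:
        for adv in advisories:
            if not is_affected(device, adv):
                continue
            days_open = (today - adv.published).days
            sla = SLA_DAYS[adv.severity]
            findings.append({
                "hostname": device.hostname,
                "advisory": adv.advisory_id,
                "severity": adv.severity,
                "days_open": days_open,
                "sla_days": sla,
                "overdue_by": max(0, days_open - sla),
            })
    findings.sort(key=lambda f: (-f["overdue_by"], f["hostname"]))
    return findings


def overdue_findings(devices, advisories, today: date) -> list:
    """Only the findings that have blown their SLA: the ones that turn a
    years-old public advisory into an open door."""
    return [f for f in open_findings(devices, advisories, today)
            if f["overdue_by"] > 0]


# Constructed inventory: two edge routers from one OEM, one core switch from another.
DEVICES = [
    Device("edge-rtr-01", "VendorA", "ModelX", "4.2.1"),
    Device("edge-rtr-02", "VendorA", "ModelX", "4.3.0"),   # already patched
    Device("core-sw-01", "VendorB", "ModelY", "12.0"),
]

# Constructed advisories with placeholder ids; the first is deliberately from
# 2015 to mirror the decade-old flaws described above.
ADVISORIES = [
    Advisory("PLACEHOLDER-2015-001", "VendorA", "ModelX", "4.3.0",
             date(2015, 3, 10), "critical"),
    Advisory("PLACEHOLDER-2021-002", "VendorB", "ModelY", "12.1",
             date(2021, 11, 1), "high"),
    Advisory("PLACEHOLDER-2022-003", "VendorB", "ModelY", "12.4",
             date(2022, 5, 20), "medium"),
]

TODAY = date(2022, 6, 9)   # the date of this post, used as the reference day


if __name__ == "__main__":
    for f in open_findings(DEVICES, ADVISORIES, TODAY):
        state = f"OVERDUE by {f['overdue_by']} days" if f["overdue_by"] else "within SLA"
        print(f"{f['hostname']:12} {f['advisory']:22} {f['severity']:8} "
              f"open {f['days_open']:4} days  {state}")
```

Run it as a script to see the three open findings, two of them overdue. In a real program the inventory would come from the CMDB or network controller and the advisories from the OEMs' feeds rather than from inline lists; note that the version comparison assumes dotted numeric version strings, so vendors whose release names carry letters or build suffixes need a vendor-specific comparator in place of `version_tuple`.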


IoT security impacts on Telcom Industry

How IoT Security Impacts the Telecom Industry

According to our in-house research and published information obtained from research firms, telecom service providers, including MVNOs and M2M connectivity providers, suffered the highest volume of breaches of sensitive customer information through DNS attacks. With the addition of the Internet of Things, data security takes on a whole new level of significance for connectivity service providers. In the last two years, many IoT and critical infrastructure projects involving telcos have been affected by issues related to IoT connectivity security, leading to delayed project outcomes or projects being abandoned altogether.

This has had a clear impact on the margins of telcos as well, since many of these were proof-of-concept projects that could theoretically have led to an increase in the number of endpoints on their networks, increased data consumption, and direct revenue from connectivity and managed services. It is not just revenue: telcos are also staring at an erosion of credibility and of their enterprise customer base. With the emergence of other connectivity options, such as satellite-based connectivity service providers, even the marketplace relevance of telcos is threatened.

It is no surprise, therefore, that telcos are now paying more attention to machine-to-machine (M2M) security practices, IoT security solutions, and cybersecurity postures aligned towards offering better security and assurance to customers. Telecom IoT security has come into prominence like never before.

As the world battles a pandemic, there is another battle going on in parallel. Many enterprises and telcos have reported a surge in Coronavirus-themed attacks designed to lure employees into downloading potent malware and application manipulation objects. This threatens telecom networks in a big way, and telcos need to adapt their security posture to contain and eradicate this threat. Key elements of this change could include:

- More focus on early detection and containment of suspicious activity and rogue devices
- Use a Zero Trust approach when enabling access to network resources
- Segment networks, or rather micro-segment them, to prevent lateral movement of malware
- Sensitize employees and all stakeholders to heighten their awareness of cybersecurity
- Invest in identifying threats across the spectrum, including emerging ones
- Deploy a cyber resilience strategy that prevents disruption

Monetizing cybersecurity has been a holy grail of sorts for telcos. On the one hand, they have to meet their own security needs; on the other, they have to ensure that the deployments hosted on their networks are also secure and cyber resilient. Recently, a leading mobile virtual network operator was able not just to monetize cybersecurity but also to use it as a vector to deepen its existing relationships with premium customers. The result: a significant increase in additional revenue. What's more, it also stayed protected against malware that impaired some of its competitors and their large customers. The average savings per breach ranged from USD 250,000 to over a million. These numbers are rising as the threat environment continues to deteriorate. The gains from strengthening the profitability of key relationships: priceless.

Subex Secure is powering this endeavor. You can read this unique case study here. To know more about Subexsecure's offerings and to schedule a demo, call: +91 80 6659 8700. Click here to know more about how Subexsecure has been working with telcos across the globe to secure the IoT initiatives adopted by their customers.

