From nation-state-backed threat groups and opportunistic criminal gangs, our critical national infrastructure (CNI) is increasingly under threat from cyber-attackers. Heightened geopolitical tensions have increased the danger of state actors targeting these essential services, while criminals have also come to view attacks on critical infrastructure as a lucrative target.
The telecoms sector, from IT services to mobile providers, faces a particular onslaught of attacks. Telecoms is the very foundation of our entire digital economy, so any threat to these services represents a huge risk to practically every other industry. Protecting against attacks in this connected landscape is increasingly complex, particularly as telcos transform to cloud service companies, with new attack vectors opening up. At the same time, attackers are seizing new opportunities to launch attacks, with one recent report revealing that in Q3, the telco sector was the target of over 43% of all DDoS attacks.
These are large, complex organizations with a growing attack surface, and threat actors will aim to exploit any vulnerability to achieve their goals. Any attack that causes service disruption can have enormous repercussions for our economy and national security. So, what could an attack on the telecommunications industry mean, and how can access to these essential services be defended?
Why is the Telecoms Sector So Vulnerable to Cyber Threats?
A severe cyber-attack on communications infrastructure would lead to widespread telecoms and internet outages, resulting in astronomical societal and economic damage. Further, the increasing digitalization of all critical services means that other critical providers, such as power and water suppliers, would also inevitably be affected. This is a key factor in why the sector bears the brunt of so many attacks.
We have seen an increased threat level against CNIs, like telecoms, from criminal groups motivated more by profit than political ideology. Systems are particularly vulnerable to disruptive attacks like ransomware, and criminals have proven they are willing to hold access to essential services hostage in the hope of an increased ransom pay-out.
In the face of this threat, the UK Government launched strict new regulations around telecoms security, which came into effect in October 2022. Coming under the Telecoms Security Act, the Telecoms Security Requirements introduces new demands around monitoring and managing the security of networks. Among other demands, public telecoms owners need to ensure they have effective authorization, authentication, and encryption processes in place. Non-compliance could result in steep fines of up to £100,000 per day. The Network and Information Systems (NIS) regulations have also recently been expanded to lower the incident reporting threshold in the latest moves to improve the nation’s cyber resilience.
Securing Access to Reduce Risk
While there are many vulnerabilities that telco providers must protect against, one of the most significant relates to unauthorized access to privileged accounts and user credentials. Any ‘super user’ with elevated privileges is a target, including service accounts used by automated systems rather than human users.
Threat actors are likely to achieve their initial point of compromise using stolen login credentials to take over an endpoint. From here, they can pursue their real target, access to privileged accounts, such as system administrators with elevated rights and powers.
Unless there are sufficient controls in place, a minor breach affecting a single endpoint can enable an attacker to gain control of privileged credentials and rapidly escalate their system access. Once the intruder has sufficient privileges, they could target the physical telecoms network infrastructure through the IT systems facilitating remote access and automation. The significant level of physical hardware and legacy systems involved complicates security further.
Defending the Telecoms Sector from Cyber Threats
Protecting vital telecoms infrastructure against attack requires a multi-layered approach. Most operational technology (OT) systems need specialist solutions to monitor and control access, and organizations must close and mitigate vulnerabilities as more assets are digitized and connected with the wider IT network.
Defenses must focus on preventing attackers from reaching these systems through IT applications that facilitate automated processes and remote access. Privileged access management (PAM) plays a critical role here, enabling firms to safeguard privileged accounts and implement session monitoring to identify malicious activity. Crucially, this must account for non-human users, meaning service accounts that facilitate automated system access. Ensuring that admin access is authorized, time-limited and connected to a specific purpose is one of the demands of the new telecoms law.
Threat actors have the luxury of time on their side and will have the opportunity to carry out recon and pick their targets before they strike. Implementing a strict policy of least privilege will make it much more difficult for even the most prepared attackers to achieve lateral movement before they are detected. Ideally, this should be governed by zero trust principles and backed up by strong multifactor authentication. Coupled with this, the secure generation of credentials and automated password rotation will make it harder to acquire and use login information in the first place.
Attacks on the communications sector represent one of the most severe cyber threats any nation can face. We rely on these ‘always-on’ services for almost every type of business transaction and to ensure critical services are operational. Whilst threats are escalating and the challenges in protecting these networks are rapidly evolving, with a multi-layered defense that focuses on protecting access to key assets and systems, organizations in this sector have the best shot at ensuring they can continue to keep us all connected safely and seamlessly.