Given the nature of their business, telecom service providers generally are more equipped than the average organization when it comes to protecting their critical infrastructure and systems from cyberattacks.
It’s a good thing.
NETSCOUT’s latest worldwide infrastructure security report found the exploitation of IoT devices and DDoS attack-service innovations are leading to more frequent and complex attacks on service providers. Indeed, 59 percent of service providers experienced multi-vector attacks, a 20 percent increase from the year prior. Multi-vector attacks combine high-volume floods, application layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attackers’ chances for success. Carriers defend their networks using Gi and DDoS protection appliances.
One threat unique to telecom providers is the attack of leased infrastructure equipment such as home routers from ISPs. Once the equipment has been compromised, cybercriminals can use it to steal data, launch other attacks anonymously, store exfiltrated data, or access expensive services such as international phone calls.
Attacks also can originate from inside the network, and experts say that savvy attackers will eventually target the right component to bring down a network by disabling its brains, so to speak. Moreover, as companies increasingly move to the cloud, attackers will increasingly target cloud providers.
Today the risk landscape is so threatening that Telefonica, Singtel, SoftBank and other carriers recently formed an alliance to bolster cybersecurity for global customers.
Small and Midsize Service Providers Aren’t Immune
Small and midsize service providers should be equally concerned because hackers aren’t just targeting big companies. Sure, headlines are dominated by cyberattacks on Yahoo, eBay, Equifax, Target, Sony and other big brands, but an increasing number of incidents involve smaller organizations. In fact, some 70 percent of attacks target small businesses, according to the National Cyber Security Alliance.
Smaller operators still have sizable customer bases, which means they communicate and store many volumes of data that cybercriminals can exploit, potentially resulting in a flood of trouble tickets, resource draining mitigation efforts, loss of trust, reputation harm and customer attrition.
Precision serves many small and midsize service providers and it’s been years since any of them suffered a successful attack. But the threat landscape is more dangerous today and constantly evolving, making it critical for them to remain diligent and keep their defenses current.
Fileless Attacks on the Rise
Cybersecurity experts are seeing an upward trend in fileless attacks, or incidents where the malicious payload doesn’t touch the disk. Instead, it’s executed directly in memory – and therefore more difficult to detect. For hackers, the approach not only removes the need to rely on physical files but also improves stealth and persistence.
Microsoft is combating the trend by integrating its Windows Defender Advanced Threat Protection (ATP) with capabilities such as behavior monitoring, memory scanning, and boot sector protection to detect and terminate threat activity at runtime. But the company warns that as antivirus solutions become better at pinpointing malicious files, the natural evolution of malware is to shift to attack chains that use as few files as possible. Microsoft further warns that while fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too.
The point is, cybersecurity threats are changing and increasingly dangerous for service providers of all sizes.
As a SaaS provider to service providers with public-facing applications, we have developed a holistic security program that covers threat detection, prevention measures and incident response methods. If you have any questions about your security posture or how to protect your network infrastructure, don’t hesitate to reach out to us.