This list could be much longer, but the question remains: why do these attacks keep taking place?
It’s simple—as with many other businesses, the information telecoms companies keep on their customers is a veritable goldmine. By themselves, details on names, addresses, phone numbers, passwords and more can be hugely valuable. But the benefits don’t end there: this information helps hackers acquire two-factor authentication (2FA) codes, which are commonly used to help protect a given account from unauthorized access by requiring an additional code. For example, 2FA can support an email address authentication method. This makes a breach the gateway to even more confidential details.
Second, there’s the issue of identity theft. While sometimes played for laughs in entertainment programs, this is in many ways the ultimate violation of personal space. In the digital era, the hijacked persona is used to commit a wide range of fraud and other crimes. It can take the victim months, even years, to undo the damage.
Mitigating these attacks is not simple, and no strategy is immutable. But even in the absence of guarantees, there are multiple steps organizations can take to make breaches far more difficult—ideally to the point where attackers will eventually give up trying.
First, the security protocols must ensure that compromise of the customer management system is fundamentally impossible. Customer data isn’t just a marketing tool, it’s the number-one business asset; losing it undermines faith in the operation. This is an unacceptable risk for the mobile network operator.
There are some common-sense steps that can be taken here. For example, resist the temptation to collect every piece of data possible, and focus only on what’s needed most to help marketing initiatives. This decreases hackers’ interest and increases customer confidence. On a related note, limit access to this data—not every person in marketing needs to see it, and it helps security because every access point involves some potential vulnerability. Perhaps most importantly, ensure ongoing subscriber education about the perils of fraud, and encourage measures such as stronger passwords.
Second, it is critical to monitor the technical aspect of unauthorized intrusions and develop behavioral analysis to respond in real time. There are technology offerings available for this vital function, and they constantly undergo innovation and enhancement. It’s important for security professionals in this discipline to stay aware of the latest advances and make sure that all appropriate solutions are deployed.
This enables optimal visibility of users and their devices as they log on and empowers security professionals to verify compliance mandates in all environments: data center, cloud and more.
Finally, the porting procedure, which we may learn played a critical role in the Mint Mobile episode, must be implemented with greater security. As it stands now, even the most rudimentary social engineering techniques—many of which have been around for years—are surprisingly successful. When advanced technologies can be breached with simple tactics, there’s clearly room for improvement.
Fortunately, there’s a growing list of viable technologies, including multifactor authentication, biometrics, security PINs, behavioral heuristics and more. Rather than deploy a generic approach, MNOs can and should develop a mix of solutions that best meets their specific needs.
Looking ahead, adopting a security framework based on an industry standard model, such as NIST, is a good first step for a comprehensive approach to cybersecurity. The framework must have different components for identifying, protecting and detecting risks, and responding to and recovering from incidents.
Technologies now available can offer a comprehensive picture of activity within the entire network and identify security flaws and threats, from the existing infrastructure through virtualization and non-standalone 5G (NSA-5G) all the way to a standalone 5G (SA-5G) network. Modern tools can automatically detect attempts to penetrate the OSS network and identify hacker presence on virtualized infrastructure based on multiple indicators, including the use of hacker tools and backdoor transmission of data to attackers’ servers, which effectively nullifies advanced persistent threats (APTs).
But the work needs to go beyond implementing technologies. It’s equally important to address security issues within mobile networks. This requires a comprehensive approach that should include, at minimum, assessment and monitoring. There are thousands of base stations around the world that need security testing. So do core networks, especially those running on virtualization infrastructure; vendors deliver solutions as a black box, making it difficult to uncover what is inside the infrastructure. Security must also be non-intrusive, supporting the process without becoming an obstacle.
There are no easy fixes here: telecom network security is a big issue and deserves big consideration. The endless parade of breaches suggests that even the small issues remain a problem. Changing this equation must be a top priority.