As the US Govt warns telecom firms about hacking breaches, SecurityGen urges mobile operators to revise their approach to security and upgrade their network defences
Earlier this month, multiple US Govt security agencies including the FBI, the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Agency, warned that hackers breached major telecoms companies by exploiting software flaws in routers and other network infrastructure equipment.
The US report did not name the companies that had experienced the breaches. It also said that infrastructure equipment is “often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”
Commenting on the US report, Amit Nath, co-founder and CEO of global telecom security start-up SecurityGen, said, “The advisory from the US Govt is a timely reminder of the cyber threats facing telecom operators and their networks from malefactors in today’s interconnected world. It underlines the significance of telecom networks – both fixed and mobile – as critical infrastructure.
“Attacks on telecom operators are costly, damaging, and disruptive. They can include everything from denial of service targeting groups of subscribers or particular areas: to the theft of sensitive personal data for fraudulent purposes: or a full network outage that causes serious and widespread disruption for the individuals and organisations affected,” he added.
Fellow SecurityGen co-founder and CTO Dmitry Kurbatov explained, “New technologies like 5G, cloud, virtualisation, and open RAN have made mobile networks more complex, dynamic and agile. But this convergence of IT and telecoms also brings significant new security concerns that must be addressed. Current security measures aren’t enough to identify vulnerabilities in networks that operators themselves might not notice but which malicious attackers can potentially exploit.
“5G has been developed with improved security protocols than previous network generations. However, along with the complex 5G ecosystem, which presents several pathways for hackers to seek access, because 5G relies on widespread protocols like HTTP/2 and IP, hackers may not need specialist telco knowledge and skills to attack. They can apply their previous experience to do so, which further worsens the situation for telcos,” Kurbatov continued.
“Safer telecom networks depend on operators moving away from their current cybersecurity posture and adopting a more proactive approach that views the network as a whole rather than as separate components. One which effectively uses the latest insights drawn from real-time threat intelligence combined with an automated approach to help assess the strength of their network defences by continually verifying threats and testing for vulnerabilities. In this way, operators can stay ahead of attackers, and effectively defend their networks and protect their subscribers on an ongoing basis,” Kurbatov concluded.
Rome-based start-up SecurityGen is the company behind the ACE (Artificial Cybersecurity Expert) breach and attack simulation platform. ACE is a telecoms industry first: the first completely automated breach and attack simulation platform that is purpose-built for securing mobile networks.
ACE assesses and improves the security posture of mobile operators by continuously testing the strength of their network defences against simulated attacks and techniques. ACE identifies and reports potential gaps and vulnerabilities within the operator’s network. It then carries out simulations of real-world attacks on these vulnerabilities to assess their seriousness and the potential damage that an actual attack could cause.