The Hidden Risks in Telecom Networks and How to Safeguard Your Organization

November 4, 2024

Telecom network breaches have been big news for the past few weeks following the public disclosure of a high-profile breach of Verizon by threat actors alleged to be affiliated with China. The big news has mainly been related to the monitoring of political figures, but that is far from the only risk associated with such breaches. Threat actors are interested in the metadata from many different kinds of users, not only political figures. At an enterprise level, simple knowing who the leadership of an organization is speaking to could be of tremendous value to certain investors, and threat actors can sell this information at high prices. When the breaches can also include call logs and SMS messages, the value for corporate espionage goes up even more.

Several potential vulnerabilities exist in telecommunications networks that makes defending them hard to attempt. The most obvious one to every user relentlessly assaulted with spam messages is the lack of identity validation. More concerning on a criminal level is the nature of the carrier-interconnect cellular-roaming protocols used by carriers. It is possible for someone with sufficient knowledge of this network to intercept communications, something done by governments for espionage purposes, but also done by criminals. There are even threat groups that provide call interception as a service, conducting the kind of man-in-the-middle attacks commonly associated with emails, but for phone calls.

What can be done to protect enterprises from telecom breaches? End-to-end encryption is the main tool used to prevent interception, and it is provided by certain services. Enterprises communicating sensitive business data would be wise to employ a security solution that allows for end-to-end encrypted communications, especially when calling from a foreign network or using a VoIP phone, in order to protect from interception.

More from Blackwired

October 28, 2024

A Look at the Social Engineering Element of Spear Phishing Attacks

CISOs face dual challenges: technical security and increasing compliance duties. Most believe a separate role for compliance is needed.‍

Read more
October 21, 2024

Majority of global CISOs want to split roles as regulatory burdens grow

CISOs juggle daily security tasks and increasing regulatory compliance, leading many to suggest a dedicated role for oversight.

Read more
October 14, 2024

SOC teams are frustrated with their security tools

SOC teams face noise from security tools, with only 16% of alerts being genuine. AI tools are increasingly adopted to improve efficiency.

Read more