Breaching the defences

02 December 2024

Amidst rising threats to the world’s telecommunications networks, how can the operators prepare? And what should they be aware of?

The cyber-threat to telecommunications infrastructure in South and Southeast Asia is significant and growing. As the region continues to embrace digital transformation, the volume of data, services, and applications relying on telecom networks is expanding rapidly. This has made telecom infrastructure a prime target for cybercriminals, state-sponsored actors, and other malicious entities.

5G – opportunity or threat?

According to the June 2024 Ericsson Mobility Report, 5G subscriptions are expected to reach 560 million in Southeast Asia and Oceania by 2029, with notable growth forecast for Malaysia, Singapore and Thailand. Meanwhile, due to intensive 5G network deployments in India, 5G subscriptions had reached around 119 million by the end of 2023 and are expected to hit 840 million by the end of 2029, accounting for 65% of mobile subscriptions in the region.

This is good news for the digital economy, but the global rise of 5G is also expected to bring a significant increase in cyber-attacks.

“It is predicted that within the next five years, 5G will more than double and represent over 60% of mobile subscriptions worldwide. In Asia alone, its coverage will reach 80% of the population,” observes Philippe Alcoy, security technologist at NETSCOUT. “What’s more, the number of observed DDoS attacks in APAC was up by 20% in the second half of 2023, per NETSCOUT’s 2H23 DDoS Threat Intelligence Report. This will only increase with 5G becoming the dominant way to access the internet.”

Transnational criminal groups in Southeast Asia are incorporating new tools like AI and deepfake technology to expand their cyber fraud capabilities, according to the United Nations Office on Drugs and Crime. The agency warned that organised criminal groups have relocated operations as needed and adapted to technological advances, while the ‘crime-as-a-service’ ecosystem has become well-established.

“This has meant that criminals no longer have to handle their own money laundering, code malware or steal sensitive personal information to profile potential victims or obtain initial access for their attacks themselves — instead, these key components can be purchased in underground markets and forums, and often at very accessible prices,” said the U.N. in a statement.

“The increasing sophistication of attacks, including Distributed Denial of Service (DDoS), data breaches, and exploitation of unprotected APIs, poses a serious risk to the integrity, availability, and confidentiality of telecom networks,” says Ameya Talwalkar, CEO at Cequence Security. “Additionally, geopolitical tensions in the region, coupled with the rise of advanced persistent threats (APTs), have made critical telecom infrastructure even more vulnerable to targeted attacks. Given the sheer scale and importance of telecom infrastructure in driving both economic growth and digital connectivity, the threat landscape is only becoming more complex. Telecom operators must remain alert, continuously updating their defenses to stay ahead of evolving cyber threats.”

Connected devices raise the heat

The explosion of Internet of Things (IoT) and the increasing number of connected devices that come with it are significantly raising the attack surface for telecommunications networks. These devices, many of which are deployed without sufficient security measures, can serve as entry points for cyberattacks if not properly secured.

“IoT devices often operate on weak or outdated firmware and can be difficult to monitor and manage, making them attractive targets for malicious actors. Once compromised, these devices can be used in a variety of ways, from launching DDoS attacks to gaining unauthorised access to sensitive network infrastructure,” explains Talwalkar. “For telecom operators, this means that ensuring robust security for both the devices on the network and the network infrastructure itself is essential.”

“Since the dawn of IoT in 2009 and Industrial IoT (IIoT) in 2010, two things have been clear. First is that IIoT offers a tremendous boon to businesses by increasing operational efficiency and reducing costs, with a measurable positive impact on the bottom line,” says Puneet Shetty, VP of Product Management and Field Engineering for Celona. “That brings us to the second point: IoT increases the security threat surface. Each device connected to the network is a potential point of vulnerability that can become a target for attack. Palo Alto Networks estimates that IoT devices account for more than 30% of all network-connected enterprise endpoints.”

With a predicted attack surface of over 125 billion IoT devices by 2030, these threats may well become one of the main challenges for mobile network operators in the years to come.

“This will make cybersecurity protection a critical aspect of 5G networks’ daily operation,” explains Alcoy. “Mobile networks are inherently more difficult and expensive to monitor than their wireline equivalents. Moreover, mobile infrastructure is inherently more complex and fragile than its fixed counterpart. The proliferation of vulnerable consumer IoTs and other compromised internet-facing infrastructure connected over mobile networks has driven a significant increase in botnet populations.”

Defending the network

To protect critical telecom infrastructure, operators must implement a proactive and comprehensive risk management strategy: one that continuously assesses vulnerabilities, understands potential threats, and prioritises risk mitigation efforts based on the potential impact on operations.

“Security threats are best managed locally where they occur rather than on the wider communications network. This is why enterprise security companies like Cisco and Palo Alto Networks have built the concept of zero trust into their products,” asserts Shetty.

Zero trust assumes every device is suspect and must be authenticated onto the network through various network access control mechanisms, further bolstered by firewalls, along with security posture assessment and policies that identify and mitigate threats.

“As enterprises adopt new wireless technology to further support their IIoT digital transformation initiatives, there is a new effort underway to expand zero trust security principles to the Operational Technology (OT) network in addition to the IT network,” adds Shetty.

Talwalkar believes that regular risk assessments should be conducted to identify weaknesses in the network, and that organisations need to evaluate third-party vendor risks, as these can often serve as vectors for attacks.

“Companies should invest in real-time monitoring solutions to detect suspicious behaviour and respond promptly to any potential threats,” says Talwalkar. “A multi-layered defense strategy, incorporating tools like intrusion detection systems (IDS), firewalls, API security solutions, and encryption, should be implemented to ensure full protection. Furthermore, developing a robust incident response plan ensures that when an attack does occur, it can be managed quickly and efficiently, minimising both downtime and financial impact.”

The single most important preventative measure a mobile network operator (MNO) can enact, though, says Talwalkar, is strong network segmentation. By segmenting networks according to their different security needs and access levels, operators can limit how far a breach in one part of the network can spread to the rest of the infrastructure.

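The two controls described above, zero-trust admission of devices (authenticate first, then assess posture) and default-deny segmentation that keeps an IoT estate away from core management, can be expressed as a small policy engine. The following is an added example written for this article and is not code from Celona, Cequence Security or any other vendor quoted here; the segment names, address ranges, device records and sample flows are constructed for illustration.

```python
"""Zero-trust admission and default-deny segmentation checks (added example).

Assumptions (constructed, not from the article): four segments with private
address ranges, an explicit allow-list of segment-to-segment flows, and
device records carrying the outcome of network access control and a
firmware posture check.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Device:
    device_id: str
    authenticated: bool     # passed network access control (e.g. certificate / 802.1X)
    firmware_current: bool  # posture check: firmware at the approved level
    ip: str


# Constructed segments, each with its address range.
SEGMENTS = {
    "iot": ip_network("10.10.0.0/16"),
    "iot-collector": ip_network("10.30.0.0/24"),
    "office": ip_network("10.20.0.0/16"),
    "core-mgmt": ip_network("10.99.0.0/24"),
}

# Explicit allow-list of (source segment, destination segment).
# Anything not listed, including any unknown address, is denied.
ALLOWED = {
    ("iot", "iot-collector"),
    ("office", "iot-collector"),
    ("office", "core-mgmt"),
}


def admission_decision(device: Device) -> str:
    """Zero trust: every device is suspect until authenticated and posture-checked."""
    if not device.authenticated:
        return "deny"           # no identity, no network
    if not device.firmware_current:
        return "quarantine"     # identity ok, posture bad: isolate for remediation
    return "admit"


def segment_of(ip: str) -> Optional[str]:
    """Map an address to its segment name, or None if it belongs to no known segment."""
    addr = ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def flow_allowed(src_ip: str, dst_ip: str) -> bool:
    """Default deny: only intra-segment traffic and allow-listed pairs pass."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False
    return src == dst or (src, dst) in ALLOWED


def audit_flows(flows: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return the flows that violate segmentation policy as (src, dst, reason)."""
    violations = []
    for src_ip, dst_ip in flows:
        if not flow_allowed(src_ip, dst_ip):
            reason = f"{segment_of(src_ip)} -> {segment_of(dst_ip)} not allow-listed"
            violations.append((src_ip, dst_ip, reason))
    return violations


# Constructed sample flows (source, destination) as a flow collector might export them.
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.30.0.5"),   # IoT camera -> collector: allowed
    ("10.10.4.7", "10.99.0.5"),   # IoT camera -> core management: violation
    ("10.20.1.2", "10.99.0.5"),   # office admin -> core management: allowed
    ("10.30.0.5", "10.20.1.2"),   # collector -> office: not allow-listed, violation
]

if __name__ == "__main__":
    print(admission_decision(Device("cam-01", True, False, "10.10.4.7")))
    for src, dst, why in audit_flows(SAMPLE_FLOWS):
        print(f"VIOLATION {src} -> {dst}: {why}")
```

The point of the allow-list being explicit is that a compromised IoT device in `10.10.0.0/16` can still reach only the collector it was provisioned for; a flow toward `core-mgmt` shows up as a violation rather than quietly succeeding.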
“End-to-end and comprehensive visibility, backed by threat intelligence, coupled with an adaptive mitigation strategy, is necessary to effectively protect against threats and avoid wasting expensive network capacity on low-level DDoS activity. Service performance and availability risk comes from the potential congestion of key elements of the mobile network infrastructure, either through traffic volume or state-exhaustion,” adds Alcoy. “Due to the use of GTP tunnelling for all user traffic, to fully understand user-plane activity and identify threats, traffic must be monitored and correlated with control plane information to enable proper attribution and traceback. Dynamic mapping of mobile IP addresses to identities is essential to extracting actionable insights in real-time about both underlying traffic patterns and potential threats.”
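The correlation Alcoy describes, attributing GTP-U user-plane traffic to a subscriber by joining it with GTP-C session state, can be sketched in a few dozen lines. The following is an added example for this article, not NETSCOUT's or any vendor's code. It assumes two constructed feeds: control-plane session events (create and delete, each carrying an IMSI and the UE IP assigned to it) and user-plane flow records that expose only the inner UE IP. The IMSIs, addresses, timestamps and byte counts are all constructed; the feed layouts are assumptions about what a probe would export, not a real product's format.

```python
"""Attribute GTP-U user-plane flows to subscribers via GTP-C session state (added example).

The key edge case shown: UE IP addresses are recycled, so a static
ip -> subscriber table misattributes traffic. Attribution must be
time-bounded by the session that was active when each flow was seen.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed GTP-C session events: (timestamp, event, imsi, ue_ip).
SESSION_EVENTS = [
    (100, "create", "404100000000101", "10.45.0.5"),
    (110, "create", "404100000000202", "10.45.0.9"),
    (300, "delete", "404100000000101", "10.45.0.5"),
    (320, "create", "404100000000303", "10.45.0.5"),  # same IP reused by a new subscriber
]

# Constructed GTP-U flow records from the inner header: (timestamp, ue_ip, dst_ip, bytes).
FLOWS = [
    (150, "10.45.0.5", "203.0.113.10", 2_000),
    (200, "10.45.0.9", "198.51.100.7", 500),
    (250, "10.45.0.5", "203.0.113.10", 3_000),
    (350, "10.45.0.5", "203.0.113.10", 9_000),
    (360, "10.45.0.5", "203.0.113.10", 8_000),
    (400, "10.45.0.1", "203.0.113.10", 100),   # no session for this IP: unattributed
]

Interval = Tuple[float, float, str]  # (start, end, imsi); end is inclusive-exclusive


def build_sessions(events) -> Dict[str, List[Interval]]:
    """Fold create/delete events into per-IP session intervals."""
    open_sessions: Dict[str, Tuple[float, str]] = {}
    intervals: Dict[str, List[Interval]] = defaultdict(list)
    for ts, kind, imsi, ue_ip in sorted(events):
        if kind == "create":
            open_sessions[ue_ip] = (ts, imsi)
        elif kind == "delete":
            start, open_imsi = open_sessions.pop(ue_ip, (None, None))
            if open_imsi == imsi:
                intervals[ue_ip].append((start, ts, imsi))
    for ue_ip, (start, imsi) in open_sessions.items():   # still-active sessions
        intervals[ue_ip].append((start, float("inf"), imsi))
    return intervals


def attribute(flow, sessions) -> Optional[str]:
    """Return the IMSI whose session covered this flow's UE IP at this time, else None."""
    ts, ue_ip, _, _ = flow
    for start, end, imsi in sessions.get(ue_ip, []):
        if start <= ts < end:
            return imsi
    return None


def bytes_per_subscriber(flows, sessions, window) -> Tuple[Dict[str, int], int]:
    """Sum user-plane bytes per IMSI inside [window_start, window_end]; also count unattributed bytes."""
    totals: Dict[str, int] = defaultdict(int)
    unattributed = 0
    for flow in flows:
        ts, _, _, nbytes = flow
        if not (window[0] <= ts <= window[1]):
            continue
        imsi = attribute(flow, sessions)
        if imsi is None:
            unattributed += nbytes
        else:
            totals[imsi] += nbytes
    return dict(totals), unattributed


def naive_bytes_per_ip(flows) -> Dict[str, int]:
    """The wrong way: aggregate by UE IP alone, ignoring that the IP changed hands."""
    totals: Dict[str, int] = defaultdict(int)
    for _, ue_ip, _, nbytes in flows:
        totals[ue_ip] += nbytes
    return dict(totals)


def flag_heavy_hitters(totals: Dict[str, int], threshold: int) -> List[str]:
    """Subscribers whose volume in the window reached the threshold (e.g. suspected botnet members)."""
    return sorted(imsi for imsi, b in totals.items() if b >= threshold)


if __name__ == "__main__":
    sessions = build_sessions(SESSION_EVENTS)
    totals, unattributed = bytes_per_subscriber(FLOWS, sessions, (0, 1_000))
    print("per subscriber:", totals, "unattributed:", unattributed)
    print("per IP (naive):", naive_bytes_per_ip(FLOWS))
    print("heavy hitters:", flag_heavy_hitters(totals, 10_000))
```

In the constructed data, address 10.45.0.5 carries 22,000 bytes in total, but only 17,000 of them belong to the subscriber who held it after the reassignment; the naive per-IP view would blame the earlier subscriber for traffic sent after their session was torn down. The `unattributed` counter is the operational signal that control-plane visibility has a gap (a session the probe never saw, or traffic with no session at all), which is itself worth alerting on.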

Singtel breached in ‘test run’

Earlier in November 2024 it was reported that Singtel had been breached by Chinese state-sponsored hackers – later named as Volt Typhoon – over the summer as part of a broader campaign against telecommunications companies and other critical infrastructure operators around the world.

In a joint statement on 5 November, the Cyber Security Agency of Singapore (CSA) and Infocomm Media Development Authority (IMDA) said that they understood from Singtel that no service was affected, and no data loss was reported from the incident. In this case, early detection and mitigation measures were in place.

Singtel reportedly uncovered the breach of its network after detecting suspicious data traffic in a core back-end router and finding what it believed was sophisticated, and possibly state-sponsored, malware on it. The malware was in ‘listening’ mode and didn’t appear to have been activated for espionage or any other purpose, reinforcing a suspicion that the attack was either a test run of a new hacking capability or that its purpose was to create a strategic access point for future attacks.

Taking responsibility

Critical national infrastructure is the set of facilities, systems, sites, information, people, networks and processes necessary for a country, upon which daily life depends, and whose service integrity, if compromised, could result in significant loss of life or leave devastating economic, social or national security impacts, says Alcoy. In the last 12 months, some countries have begun to classify telecommunications networks as critical national infrastructure – with severe penalties in place for those who vandalise or hack it.

Talwalkar believes that governments and regulators in South and Southeast Asia should enforce stricter cybersecurity regulations and frameworks that require telecom operators to implement robust security practices, including mandating comprehensive cyber hygiene standards such as multi-factor authentication, secure communication protocols, and regular security audits.

“Governments should engage with the operators in order to draft and introduce new regulations and codes of practice to improve the security and resilience of national critical infrastructure, which includes public telecoms networks and services,” agrees Alcoy.

“Governments can also play a role in fostering collaboration between private sector players, law enforcement, and intelligence agencies to better share threat intelligence and best practices. Additionally, regulators can help establish clearer incident response protocols to ensure that, in the event of an attack, telecom operators have the legal and operational support needed to contain and mitigate the damage,” adds Talwalkar. “Incentivising investment in cybersecurity research and development for telecoms could also help the industry stay ahead of emerging threats.”

But when it comes to protecting telecommunications infrastructure and networks, who is ultimately responsible?

“The answer is both difficult and clear: everyone is responsible,” opines Shetty. “From the worker accessing the network on their phone where they might click on a phishing link, to the enterprise IT and OT teams who need to ensure they have end-to-end zero trust security solutions and procedures in place, to the network operators who need to apply similar zero trust solutions and procedures at the macro network layer – all have a vital role to play.”

Talwalkar believes that telecom operators are ultimately responsible for securing their networks and ensuring they are resilient to cyberattacks: “however, governments and regulatory bodies must set clear guidelines and enforce compliance to ensure that operators meet minimum security standards. Vendors providing technologies to telecom operators also play a crucial role in delivering secure products and solutions that can be integrated into the telecom networks. Additionally, employees within telecom organisations must be trained in cybersecurity best practices to reduce the risk of insider threats or human error.”

Thus, “protecting infrastructure is a collective responsibility that requires cooperation and coordination across all levels of the public and private sectors,” affirms Talwalkar.