Telecommunications or telecom is a field that continues to evolve and broaden in response to advancements in technology and the changing demands of society, as manifested in its expanding role and impact on the internet of things and the evolution of wireless technologies to 5G. Telecom carrier networks are also poised to become content delivery networks (CDNs), for example, to allow users to load more internet content and transmit data at faster rates. We need such developments to continue since telecom, after all, influences how well we do business, provide services, broadcast information, and many other facets of modern life.
As telecom broadens in scope, so too should our understanding of it. And a good place to start is its threat landscape, which expanded with the growth and evolution of telecom technology. Telecom-related threats exist largely because money is closely tied with telecom operations. Users pay for their telecom services. Going online, making a call, sending a message — all have set monetary values depending on the user’s chosen carrier. This direct link to money is something that draws attackers who perhaps want to profit directly from the system or use it to launder their criminal revenue.
An in-depth and comprehensive discussion on components of and threats to telecom can be read in our joint report with Europol’s Cybercrime Centre (EC3), the Cyber-Telecom (CyTel) Crime Report 2019. Here, we highlight and summarize some of the telecom-related threats that we categorized into two: those facilitated through physical telecom infrastructure, and those that are network-based.
Physical Infrastructure Attacks
With the right set of tools, a criminal can facilitate fraud through the very infrastructure used in telecom. The basic function of telecom infrastructure is to maximize the amount of traffic it transfers, be it calls or other forms of data. Users access this infrastructure through SIM cards in edge devices like smartphones. Once a criminal gains control over a SIM card, he or she also gains access to all the billing capabilities of the telecom network. Criminal organizations with their own telecom infrastructure can also push traffic across SIM cards more successfully by being billable under one carrier. This form of fraud is usually done on carriers in another country, further complicating the case for industry investigators and law enforcement.
Attacks that can be facilitated through telecom infrastructure include the following:
- SIM Box Fraud: A form of fraud that involves the use of SIM boxes, devices which can hold several hundreds of SIM cards. Using SIM box cards can allow criminals to route inbound traffic across voice over IP (VOIP) to change arbitrary carrier metadata and even bypass legitimate law enforcement processes like wiretaps and Production Orders.
- International Revenue Share Fraud (IRSF): A term used for frauds characterized by two sets of criminals, one that does the money laundering and another that facilitates the actual fraud through actions like CyTel hacking.
- Prepaid Charging Abuse: An attack that hinges on the characteristic of prepaid SIM cards as portable and anonymous, therefore, having the potential to transport illegal revenue.
Physical telecom infrastructure is not the only means criminals can abuse to facilitate their attacks — they can also target the network that connects physical structures and edge devices. Different aspects of the network can be used by criminals to cash in on telecom.
Attacks that can be facilitated through the telecom network include the following:
- Privacy Branch Exchange or PBX Hacking: Fraud that involves the attacker gaining control over the telecom PBX computers, which route income-generating traffic. These PBX computers are usually protected only by either default passwords or weak ones, meaning they can easily be bypassed by hackers.
- Subscription Fraud: An attack that involves gaining access to a legitimate telecom user account and subsequently getting control equal to the owner of the account. This access could also allow the attacker to influence the billing history of the legitimate owner and even completely lock him/her out of the account.
- Wangiri: An automated fraud method which autodials calls to many numbers or people but with the victim phone ringing only once. Missing the call, the victim could call back the number, generating immediate billing — a cost made especially higher if the attacker’s number is a premium one.
- Voice Phishing/Vishing: A social engineering technique that uses automated voice calls or messages to several numbers and induces the victims to respond with information like important credentials.
The threats we described are made possible through the very same infrastructure, processes, and technologies of telecom that make it so indispensable to industries and consumers. Cybercriminals can also use familiar threats to these infrastructures, like the deployment of malware to infect devices and networks. These threats reflect how cybercriminals will make opportunities to enrich themselves through the very facilities employed by critical industries. Being able to use telecom for its original purpose of connecting users and allowing them to communicate with the rest of the world should also involve being prepared for and defending against attacks.
For threats that affect the foundation of how we connect with each other, collaboration among telecom stakeholders is crucial. Users, telecommunication companies, governments, and law enforcement agencies all play a role in reducing the impact of telecom frauds, if not completely stop them. As the telecom industry continues to grow, with technologies like 5G being anticipated already, it is an opportune as well as critical time for the private and public sectors to share knowledge about these threats to work together to improve the security of current and subsequent physical and cyber infrastructure.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report