Anssi reveals cyber threats to telecoms

Personal data leakage, sabotage operations, communication fraud - the French cybersecurity agency has compiled an alarming overview of the threats facing the telecommunications sector. And it cites a few examples.

Although the French national agency for information systems security calls the sector "supercritical," it says in its report that it has been informed of more than 150 security breaches in the telecommunications sector in the past three years. Nearly fifty required its intervention.

Two-thirds of the events affected strategic companies in the sector, some of which required serious operational action by Anssi.

The agency identifies three main types of threats. In its view, spying operations involving data leaks are the most worrying.

"Attackers allegedly linked to Chinese and Iranian strategic interests are documented to be highly active in this area," although incident histories show that the sector is regularly targeted by more diverse strategic actors.

Core network compromise

In recent years, the agency has seen an alarming increase in attacks affecting equipment, particularly the routers that underpin operators' networks. These highly sophisticated attacks are often carried out over long periods of time and are difficult to detect. They compromise the integrity of operator networks and give attackers direct access to the communications of strategic organizations and individuals. This affects the confidentiality of the data exchanged.

Satellite equipment is also being used by certain groups with ties to Russia to carry out spying attacks on targets around the world. In the case of the Turla MOA, the goal is to capture the IP addresses of terminal equipment and intercept downstream traffic, often unencrypted, from satellites to terminals. Criminals exploit weaknesses in protocols without putting satellite equipment at risk.

Destabilization

Another type of threat is destabilization attacks. This time they are carried out mainly by hackers who engage in DDoS, blackmail and the release of personal data related to political demands.  "Large-scale sabotage operations continue to pose a serious threat to the sector," says Anssi.

The attack on KA-SAT's satellite communications network on the night of the Russian invasion of Ukraine in February 2022 demonstrated the large-scale consequences of a sabotage operation. Attributed to Russia, it knocked out several tens of thousands of modems.

Fake repeater antennas

Finally, Anssi mentions attacks for financial gain, which are widespread in the telecommunications sector. A significant portion of these involve telecom fraud. Subscribers are redirected to premium rate numbers without their knowledge, or they fall victim to fraud when cybercriminals misappropriate national phone numbers.

Cases of spam or SMS phishing are also linked to bogus cell phone base stations used to send bulk messages to cell phones located in a specific geographic area.

Business customers, in turn, are attacked on internal equipment such as automated stations or PBXs. By exploiting known vulnerabilities, attackers can make calls or even create ephemeral low-cost international communication services sold over the Internet using the victim company's networks.

Supercritical sector

In addition to indirect reputational risks, operators are also exposed to opportunistic attacks based on the mass of personal data they hold. The disappeared data is then resold by cybercriminals or used in ransomware attacks to blackmail them into revealing their data.

The size of operators' networks and their heterogeneity due to successive acquisitions, as well as the accumulation of significant technical debt, complicate their security and make it even more important to consider threats targeting this sector. This sector is labeled "supercritical" because of the systemic implications an incident could have on this type of infrastructure.