The telecom sector has become a possible target of cyberattacks due to the widespread use of telecom infrastructure and applications across various organizations. Highlighting the threat — according to a report from McAfee, telecom was one of the top two sectors targeted sectors by ransomware in the second quarter of 2021.
New APT Groups Targeting Telecom Sector
As researchers discovered a number of cyberattacks designed to steal important information, a new China-linked LightBasin threat actor group, posed a new threat to telecommunications companies.
At least 13 telecommunication companies around the world have been targeted by the notorious gang since 2019, according to CrowdStrike researchers.
The initial intrusion is facilitated by password-spraying attacks, which eventually leads to the deployment of SLAPSTICK malware.
In addition, in an ongoing campaign against telecom companies, a previously unknown APT group known as Harvester has also been observed deploying a custom backdoor known as Graphon.
The APT group has been using the malware since June to collect screenshots and download other malware. Currently, the group is targeting on businesses in South Asia.
Since the outbreak of pandemic, the world has become more dependant on connectivity and web services as more people choose the remote working model. Unfortunately, this gave DDoS attackers more possibilities to target organizations.
Wired telecommunication carriers were among the most affected industries in the first half of 2021, with some of them recording 1.5Tbps.
A series of DDoS attacks recently targeted VoIP firms, disrupting their infrastructure and services. Bandwidth, a VoIP company based in Raleigh, was one of the prominent victims.
Black Storm Attack
Security researchers also discovered a new type of DDoS amplification attack that might put Communication Service Provider (CSP) networks at risk.
Known as Black Storm, the attack approach is capable of interrupting DNS servers or other similar open services, causing connectivity to be disrupted.
Researchers warned that the volume of a single Black Storm attack could be enough to shut down medium- to large-sized businesses’ services and significantly disrupt a large-scale CSP network.
Concluding Note
Since the telecom carriers are the gateway into several businesses, telecom carriers, as well as their third-party suppliers and subscribers, can be a lucrative target for attackers. Furthermore, the recent advent of 5G connectivity in telecoms is likely to introduce additional new DDoS-based attacks. As a result, network carriers should be aware of the cybersecurity risks and strengthen IT infrastructure security to mitigate such threats.