Government agencies are increasingly attacking telecom operators’ infrastructure and applications to establish covert surveillance. These sophisticated actors typically use very advanced persistent threats (APT) that can operate undetected for long periods of time. Communication channels targeted for covert surveillance include everything from phone lines and online chat to mobile phone data. There have even been cases where one nation’s cyber-attack prevented another nation’s leaders from communicating on their mobile devices.
Given that telecom companies control critical infrastructure, the impact of an attack can be very high and far-reaching. In fact, even the false claim of an attack can force a telecom company to shut down critical services that consumers and businesses rely on.
Customer data is another popular high impact target. Telecom organizations typically store personal information — such as names, addresses and financial data – about all of their customers. This sensitive data is a compelling target for cyber-criminals or insiders looking to blackmail customers, conduct
identity theft, steal money or launch further attacks. Information can be lost in a variety of ways that may be as simple as a stolen laptop. Of course, laptops can be lost or stolen in any sector; however, the problem tends to be worse in telecom because employees in this sector often serve customers as part of
a call center or help desk function and may have large amounts of sensitive customer data stored on their laptops.
One critical threat unique to the telecommunications sector is the attack of leased infrastructure equipment, such as home routers from Internet Service Providers (ISPs). Once the equipment has been compromised, hackers can use it to steal data, launch other attacks anonymously, store exfiltrated data, or access expensive services such as international phone calls. To avoid upsetting customers, telecom companies generally refund any charges associated with such attacks, often resulting in significant lost revenue.