Safeguarding operator networks against sophisticated international threats

What is the cost of telecoms fraud? €29 billion a year, according to Europol, representing one of the largest sources of lost revenues for operators. From the direct cost of traditional wholesale fraud and indirect costs associated with damaged reputations and regulatory oversight to hindering enterprise segment revenues, telecoms fraud is an issue that has a significant overall impact. Fraud is growing and mutating, too, moving away from its traditional domains of voice and messaging towards areas like spying and hacking of mobile operators as well as subscribers and enterprises.

Cybersecurity threats are spreading globally to mobile networks

Mobile network vulnerabilities are increasingly being exploited, particularly via their international connections with the rest of the world, because these parts of the network are much easier for hackers to spoof. These types of malicious activities are exploiting the lack of effective security measures in place, such as authentication, integrity and confidentiality protection in the telecoms protocols that are used for interworking between mobile operators (SS7, Diameter and GTP).

Operators, subscribers and devices connected to mobile networks are therefore vulnerable not only to ‘traditional’ forms of telecoms fraud, but also to new cyber threats through abuse of signalling interconnections with malicious messages. This enables criminals to track subscribers, intercept national or international communications from abroad, conduct SMS attacks like SIM-jacking, or perform Denial of Service attacks on subscribers or operator’s nodes.

These attacks are on the rise but still poorly detected and rarely made public – unless it makes the headlines, when it is used to empty subscribers’ bank accounts as we have seen in some high-profile incidents in Germany and the UK. They have other far-reaching ramifications as they compromise the operator’s infrastructure and even national security, affect the confidentiality of communications, impact compliance with data privacy regulations such as GDPR and threaten operators’ A2P and IoT business.

There are also new attack vectors to consider. IDC estimates there will be 42 billion connected IoT devices by 2025. At the same time, global A2P business messages are expected to reach 3.5 trillion by 2023. These are important revenue-driving opportunities for operators and the industry as a whole is highly susceptible to fraud, getting exposed to signalling threats, alongside SMS attacks including smishing – also known as SMS phishing – and spam attacks. And they are getting more attention from organised crime as they grow in size. Therefore, in order to secure the revenue streams from IoT and A2P SMS, mobile operators must keep security front of mind.

Tackling the issue: Gaining visibility of the attack surface

Firstly, operators need to have a detailed picture of what attacks the network is facing – it is no longer enough to apply basic security measures. Waiting for new threats to appear then plugging them will not help turn the tide of fraud either. To address the issue, operators must increase network resilience on two fronts: firstly, minimising the attack surface of the network and secondly, monitoring SS7, Diameter, and GTP signalling in real time.

Ultimately, this means having a better view of network visibility and actionable, data-driven intelligence. When it comes to fraud, knowing what is happening at a mobile operator’s international boundaries, and understanding where existing infrastructure is vulnerable, is critical to reduce the impact on reputations and revenues.

What this looks like in practice

Mobile operators need to identify the weak points in the network and understand what level of security is in place. From there, it is a case of proactively plugging the security gap before it can cause significant damage.

However, this can be difficult to achieve for a number or reasons. It requires access to specialised telecoms security experts with a deep understanding of roaming and the latest threat intelligence. At the same time, it also needs operators to dedicate significant resources to running full-scale network penetration tests, with a multi-network level understanding of how fraud is moving around the world and what current traffic patterns look like.

Operators are understandably concerned about minimising the disruption to normal business and avoiding operations teams spending time on false positives. This is where a wholesale carrier can provide an advantage.

A global wholesale provider like BICS has a unique position in the ecosystem. As an international gateway sitting at the boundaries between operator networks and businesses, it can authenticate message sources and block illegitimate traffic. With a network that carries 25% of global roaming signalling traffic and 50% of the world’s data roaming, BICS has extensive visibility into international traffic and associated threats to detect suspicious traffic patterns and protect operators before it reaches their network boundaries.

To help operators address this issue, BICS has partnered with POST Cyberforce. By pairing POST Cyberforce’s expertise and custom-developed tools in protecting critical infrastructure with BICS’ fraud prevention suite, operators get a complete solution which includes state-of-the-art penetration testing of the roaming environment and a telecoms intrusion detection system combined with active protection on BICS nodes. This provides operators with an additional layer of security and, in turn, makes fraud prevention far more cost-effective and efficient than running a 24×7 internal fraud operations team.

Safeguarding the network – a marathon, not a sprint

Networks are constantly evolving with the integration of new vendors, relationships linked to business evolution and the adoption of new technologies. But 2G is expected to still be here for the next 15 years and so are its SS7 vulnerabilities.

It is important to remember that the fight against fraud is a continuous exercise. Fraud is a sophisticated, well-organised international industry that is constantly evolving and mutating, and is expected to extend towards 5G. Operators must operate an ongoing test/ monitor approach with a practical mindset: not every type of fraud can be stopped all the time, but systematic screening and protection measures are invaluable in decreasing network vulnerability.

Not only will this improve security overall – by bolstering protection on an operator’s international boundaries – it will protect against the hidden costs of fraud that can be just as damaging to the bottom line as the lost revenue itself. It will also enable operators to develop new enterprise revenue streams with value-added services built around secure mobile connectivity.

Success means working with a global telecoms provider that can deliver a complete picture of network security. Visit the BICS website to find out more.