Recent headlines have focused on data breaches of social media platforms, but the frequency and impact of these attacks pale in comparison to those in cyber-criminals’ favorite industry: telecommunications. Cyber-attacks on telecoms are popular because their databases carry detailed information on millions of customers. A successful telecom data breach could yield contact details, social security numbers, and credit card information – a goldmine for threat actors dealing in data on the dark web.
News of a worldwide espionage campaign by an unknown nation-state group targeting the telecommunications sector is a troubling example of this trend. The group has been using a new toolset that includes a backdoor dubbed Graphon. This campaign comes after attacks on several telecommunication companies by the Chinese nation-state group LightBasin over the past two years.
New research indicates that cyber-attacks targeting telecommunications companies are increasing
Cognyte’s Threat Intelligence research group has been looking into recent attacks on the telecom industry. While there has been an increase in nation-state groups’ activities, a more troubling trend seems to be the overall increase in cybercrime against the telecommunications sector.
Research from the last month found that databases of multiple telecommunications companies were traded or offered for free on Dark Web hacking forums. Below are a few of those breached:
KobiKom – A database of the Turkey-based telecommunication company was offered for sale on an English language Dark Web hacking forum.
CANTV – A database of Venezuela’s state-owned telecommunication and ISP company was offered for sale. In this case, the seller claimed that he managed to obtain the company’s configuration files, operational manuals, data related to a border monitoring project involving CCTV surveillance, and data related to an espionage project.
NV7 – A database of the Brazilian telecommunication company was offered for sale on a prominent Dark Web forum.
ANTEL – A database of Uruguay’s government-owned telecommunications company was shared for free on Dark Web platforms.
Interwarp – A database of the Argentinian telecommunication company was shared for free on Dark Web platforms.
These incidents clearly demonstrate the interest of different types of threat actors in breaching companies in the telecommunication sector and indicate that the data obtained from such companies is perceived as valuable.
Most of the databases contained client data, which attackers can abuse for targeted spam messages, scams, and phishing, or exploit to impersonate individuals for illicit purposes.
Are you ready to protect your telecommunication company from attacks and data breaches?
Cognyte’s targeted Cyber Threat Intelligence platform enables telecom companies to proactively anticipate cyber threats, reduce risk, and enhance overall security resilience.
Read the story of how a leading European telecom used Cognyte’s CTI solution to tackle blind spots and prevent attacks in our case study.