INDUSTRY UNLOCKED
STRENGTHENING TELECOM CYBERSECURITY: EXPERT STRATEGIES FOR RESILIENT NETWORKS
As cyberthreats grow more sophisticated, telecom providers must strike a delicate balance between robust cybersecurity and uninterrupted service. In this feature, four industry experts share their insights on how providers can fortify their networks against evolving threats while maintaining seamless connectivity for customers.
Andy Mills, VP of EMEA for Cequence Security
A major point of exposure for telcos is their Application Programming Interfaces (APIs). These are essential in enabling the provider to roll out digital services and provide an engaging experience to customers by facilitating rapid access to data on the backend. But that access also makes them a prime target for attackers.
Typical attacks include account takeovers (ATO), enumeration attacks that lead to SIM-swapping, and the abuse of authentication to escalate privileges and steal data. The problem for telcos is that APIs are intrinsic to the customer experience, so any protection measures they put in place risk increasing friction.
In one recent example, a global tier-one telco was bombarded with in excess of 22 million access requests against six of its APIs, which led to ATO. The attacker was able to manipulate International Mobile Equipment Identity (IMEI) numbers to submit fraudulent trade-in orders, securing higher values for the devices than they were actually worth.
As the malicious traffic to the API seamlessly blended with legitimate user requests, it was able to bypass the traditional IP-based defences that were in place, and simply blocking it wasn't an option as it would have disrupted those legitimate users. Instead, it was necessary to identify specific user behaviours that could be isolated.
Examining the timing revealed the attacks were during business hours, again making it difficult to isolate, but analysing the frequency and nature of the attacks was more revealing. It soon became apparent that the attacker was systematically testing IMEIs to identify valid codes and was using clean proxies with residential IP addresses of the target's primary business country to get past existing security controls that relied on IP reputation databases.
Detecting and mitigating such an attack required the use of advanced automated detection tools capable of deep packet inspection (DPI) and behavioural analysis. By analysing the session identifiers and bearer tokens it was possible to track the attack across various APIs, detecting when the same tokens were reused in multiple requests.
Countermeasures could then be applied in the form of rules and policies that protected the company's network without disrupting legitimate users, together with stricter blocking policies for the malicious behaviours. In addition, utilising header injection allowed the telco to monitor API traffic in real time. This involved adding custom headers to HTTP requests and responses, allowing for detailed tracking of suspicious activities without altering the end-user experience. These targeted measures were automatically performed and effectively neutralised the attack while ensuring uninterrupted service for the customer base.
Going forward, the precision of these types of attacks in probing and exploiting APIs is only going to increase, necessitating the use of dedicated API protection.
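The detection approach described above (profiling bearer tokens across APIs, spotting token reuse from many residential IPs, request frequency, and the probing pattern of IMEI lookups, then tagging traffic with custom headers for tracking) can be illustrated with a small log-analysis script. The following is an added example written for this page; it is not code from the article, from Cequence Security, or from the telco involved. The log format, the bearer-token and IMEI fields, the sample log lines, the thresholds and the X-Api-Risk header name are all assumptions constructed for the illustration.

```python
"""Detect API token reuse and IMEI enumeration in access logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample access-log lines, not data from the article.
# Fields: timestamp  client_ip  api_path  bearer_token  imei  http_status
SAMPLE_LOG = """\
2024-05-02T10:00:00Z 198.51.100.7 /v1/device/lookup tok_legit 353000000000011 200
2024-05-02T10:00:05Z 198.51.100.7 /v1/tradein/quote tok_legit 353000000000011 200
2024-05-02T10:01:00Z 203.0.113.21 /v1/device/lookup tok_bad 353000000000100 404
2024-05-02T10:01:01Z 203.0.113.22 /v1/device/lookup tok_bad 353000000000101 404
2024-05-02T10:01:02Z 203.0.113.23 /v1/device/lookup tok_bad 353000000000102 200
2024-05-02T10:01:03Z 203.0.113.24 /v1/device/lookup tok_bad 353000000000103 404
2024-05-02T10:01:04Z 203.0.113.25 /v1/device/lookup tok_bad 353000000000104 404
2024-05-02T10:01:05Z 203.0.113.26 /v1/tradein/quote tok_bad 353000000000102 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{15}) (\d{3})$")


def parse_log(text):
    """Turn raw log text into a list of event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, path, token, imei, status = m.groups()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "ip": ip, "path": path, "token": token, "imei": imei, "status": int(status),
        })
    return events


def profile_tokens(events):
    """Aggregate per bearer token: source IPs, APIs hit, IMEIs queried, timing, 404 count."""
    profiles = defaultdict(lambda: {"ips": set(), "paths": set(), "imeis": set(),
                                    "count": 0, "not_found": 0, "first": None, "last": None})
    for e in events:
        p = profiles[e["token"]]
        p["ips"].add(e["ip"])
        p["paths"].add(e["path"])
        p["imeis"].add(e["imei"])
        p["count"] += 1
        p["not_found"] += int(e["status"] == 404)
        p["first"] = e["ts"] if p["first"] is None else min(p["first"], e["ts"])
        p["last"] = e["ts"] if p["last"] is None else max(p["last"], e["ts"])
    return dict(profiles)


def flag_enumeration(profiles, max_imeis=3, max_ips=2, max_rate_per_min=60.0, max_404_share=0.5):
    """Return {token: finding} for tokens whose behaviour looks like IMEI probing.

    Thresholds are illustrative assumptions; tune them against real traffic baselines.
    """
    findings = {}
    for token, p in profiles.items():
        reasons = []
        if len(p["imeis"]) > max_imeis:
            reasons.append("many distinct IMEIs under one token")
        if len(p["ips"]) > max_ips:
            reasons.append("one token reused from many source IPs")
        # Requests per minute; floor the window at one second so a burst is not divided by zero.
        seconds = max((p["last"] - p["first"]).total_seconds(), 1.0)
        if p["count"] / (seconds / 60.0) > max_rate_per_min:
            reasons.append("request rate above threshold")
        if p["not_found"] / p["count"] > max_404_share:
            reasons.append("high share of 404s (probing for valid IMEIs)")
        if reasons:
            findings[token] = {"reasons": reasons,
                               "cross_api": len(p["paths"]) > 1,
                               "apis": sorted(p["paths"])}
    return findings


def annotate_headers(headers, findings, token):
    """Tag a request with custom tracking headers (X-Api-Risk is an assumed name) so a
    downstream policy engine can follow the session without changing the user's response."""
    tagged = dict(headers)
    f = findings.get(token)
    if f:
        tagged["X-Api-Risk"] = "enumeration; " + "; ".join(f["reasons"])
        tagged["X-Api-Risk-Cross-Api"] = "true" if f["cross_api"] else "false"
    return tagged


if __name__ == "__main__":
    found = flag_enumeration(profile_tokens(parse_log(SAMPLE_LOG)))
    for tok, f in found.items():
        print(tok, f["apis"], f["reasons"])
```

Keying the profile on the bearer token rather than the source IP is the point: the rotating residential proxies make each request look like a new client, but the token ties them together and, as the article notes, lets the same session be followed across several APIs. The tagging headers only annotate the request for monitoring and policy decisions; the user-visible response is untouched, so legitimate sessions that happen to trip one threshold can be reviewed rather than cut off.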
44 www.intelligentciso.com