Mobile operators are being targeted by ransom seekers
France’s number two telco Altice was the target of a Hive ransomware attack on 9 August, according to Dark Web analysis company RedPacket Security, which disclosed the attack on 25 August.
Though the size of the attack and the nature of the data compromise remain a mystery, RedPacket has warned that files are currently being advertised as ‘available to download’ through the Tor browser.
Hive was first identified as a ransomware group in June 2021 and since then it has mounted attacks on increasingly large targets such as a Costa Rican health service. In July, Microsoft warned that Hive’s threat actors had developed a more sophisticated variant of the ransomware written in the coding language Rust, which allows them to encrypt the files of victims and impose parameters that are harder to identify and remedy in infected systems.
The adoption of digital technology has put mobile network operators increasingly at risk, according to telco protection specialist SecurityGen. They are seen as particularly vulnerable as they are in the midst of a transition and the process of ‘scaling up’ in haste has exposed many areas for hackers to exploit.
In May the US Federal Bureau of Investigation (FBI) warned in a briefing paper that mobile network operators (MNOs) are struggling to keep pace with routine software patching of Internet-facing services and endpoint devices. The three major US government security agencies, the FBI, the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Agency, have warned that hackers breached major MNOs by exploiting software flaws in their network equipment, particularly the routers. The FBI had earlier issued a paper warning of a variety of devious hacking variants being primed for ransomware attacks. Telco security teams should look out for names like Conti, BlackMatter, Suncrypt, Sodinokibi and BlackByte, it warned.
Telecom security specialist SecurityGen said attacks on telcos can range from targeted denial of service and data theft to full network outages. The new technologies used by MNOs, like 5G, cloud, virtualisation and open RAN, have created both agility and fragility, it said. The convergence of IT and telecoms also brings significant new security problems, and current security measures aren’t enough to identify vulnerabilities in networks. The MNOs might not even notice these weak spots, but malicious attackers will, and they’ll exploit them.
“5G may have better security protocols than previous generations but the complex 5G ecosystem presents several pathways for hackers to seek access as 5G relies on popular protocols,” said a spokesman, “hackers need no specialist telecom knowledge and skills to attack.”
Netherlands-based Altice has recently been the subject of scrutiny over the size of its stake in British Telecom (BT). However, the UK government has said it is taking no action over French group Altice increasing its stake in BT Group to 18%, on the grounds that it is not a threat to national security.