This article is sponsored by BICS
What is the cost of telecoms fraud? €29 billion a year, according to Europol, representing one of the largest sources of lost revenues for operators. From the direct cost of traditional wholesale fraud and indirect costs associated with damaged reputations and regulatory oversight to hindering enterprise segment revenues, telecoms fraud is an issue that has a significant overall impact. Fraud is growing and mutating, too, moving away from its traditional domains of voice and messaging towards areas like spying and hacking of mobile operators as well as subscribers and enterprises.
Cybersecurity threats are spreading globally to mobile networks
Mobile network vulnerabilities are increasingly being exploited, particularly via their international connections with the rest of the world, because these parts of the network are much easier for hackers to spoof. These types of malicious activities are exploiting the lack of effective security measures in place, such as authentication, integrity and confidentiality protection in the telecoms protocols that are used for interworking between mobile operators (SS7, Diameter and GTP).
Operators, subscribers and devices connected to mobile networks are therefore vulnerable not only to ‘traditional’ forms of telecoms fraud, but also to new cyber threats through abuse of signalling interconnections with malicious messages. This enables criminals to track subscribers, intercept national or international communications from abroad, conduct SMS attacks like SIM-jacking, or perform Denial of Service attacks on subscribers or operator’s nodes.
These attacks are on the rise but still poorly detected and rarely made public – unless it makes the headlines, when it is used to empty subscribers’ bank accounts as we have seen in some high-profile incidents in Germany and the UK. They have other far-reaching ramifications as they compromise the operator’s infrastructure and even national security, affect the confidentiality of communications, impact compliance with data privacy regulations such as GDPR, threaten operators’ A2P and IoT business.
There are also new attack vectors to consider. IDC estimates there will be 42 billion connected IoT devices by 2025. At the same time, global A2P business messages are expected to reach 3.5 trillion by 2023. These are important revenue-driving opportunities for operators and the industry as a whole is highly susceptible to fraud, getting exposed to signalling threats, alongside SMS attacks including smishing – also known as SMS phishing – and spam attacks. And they are getting more attention from organised crime as they grow in size. Therefore, in order to secure the revenue streams from IoT and A2P SMS, mobile operators must keep security front of mind.
Tackling the issue: Gaining visibility of the attack surface
Firstly, operators need to have a detailed picture of what attacks the network is facing – it is no longer enough to apply basic security measures. Waiting for new threats to appear then plugging them will not help turn the tide of fraud either. To address the issue, operators must increase network resilience on two fronts: firstly, minimising the attack surface of the network and secondly, monitoring SS7, Diameter, and GTP signalling in real time.
Ultimately, this means having a better view of network visibility and actionable, data-driven intelligence. When it comes to fraud, knowing what is happening at a mobile operator’s international boundaries, and understanding where existing infrastructure is vulnerable, is critical to reduce the impact on reputations and revenues.
What this looks like in practice
A global wholesale provider like BICS has in a unique position in the ecosystem. As an international gateway sitting at the boundaries between operator networks and businesses, it can authenticate message sources . With a network that carries 25% of global roaming signalling traffic and 50% of the world’s data roaming, BICS has extensive visibility into international traffic and associated threats to detect suspicious traffic patterns and protect operators before it reaches their network boundaries.
To help operators address this issue, BICS has partnered with POST Cyberforce. By pairing POST Cyberforce’s expertise and custom-developed tools in protecting critical infrastructure with BICS’ fraud prevention suite, operators get a complete solution which includes state-of-the-art penetration testing of the roaming environment and a telecoms intrusion detection system combined with active protection on BICS nodes. This provides operators with an additional layer of security and in turn, makes fraud prevention far more cost-effective and efficient than running a 24×7 internal fraud operations team.
Safeguarding the network – a marathon, not a sprint
Networks are constantly evolving with the integration of new vendors, relationships linked to business evolution and the adoption of new technologies. But 2G is expected to still be there for the next 15 years and so are its SS7 vulnerabilities.
It is important to remember that the fight against fraud is a continuous exercise. Fraud is a sophisticated, well-organised international industry that is constantly evolving and mutating, and is expected to extend toward 5G. Operators must operate an ongoing test/monitor approach with a practical mindset: not every type of fraud can be stopped all the time, but systematic screening and protection measures are invaluable in decreasing network vulnerability.
Not only will this improve security overall – by bolstering protection on an operator’s international boundaries – it will protect against the hidden costs of fraud that can be just as damaging to the bottom line as the lost revenue itself. It will also enable operators to develop new enterprise revenue streams with value-added services built around secure mobile connectivity.
Success means working with a global telecoms provider that can deliver a complete picture of network security. Visit the BICS website to find out more.
BICS has a unique position in the ecosystem (to bring security)
- At the international edge
BICS, as a wholesale carrier is an international gateway sitting at the boundaries of the operator networks with the rest of the world. We can authenticate the source of the messages and block some of the messages which are not expected on the roaming interconnect. This is something we have been doing on 4G interworking from Day 1 and which has been adopted by other carriers through the RESIST initiative at the GSMA. Carrier screening capabilities are increasing and at BICS we have the ambition to play a key role in securing the ecosystem.
- Visibility on international threats
BICS, as Wholesale carriers have a unique position in the international exchanges – for instance we estimate at BICS that 25% of roaming signalling pass our network and 50% of the data roaming. This gives us a unique visibility on the international threats and the possibility to go beyond the operator endpoint of view, crowdsource threat intelligence from all our customers. This is something BICS is doing already for years on the International voice and messaging Fraud prevention with for instance about 1 Billion of fraudulent call Attempts Identified Proactively!
- Legitimate enabler
This role is being somehow acknowledged by the community as we are receiving an increasing number of request from our Signalling customers all over the world – in the form of RFPs, adhoc requests or open discussions. We are also working with groups & Tier 1 and we expect Signalling security to become a mandatory service bloc in the outsourcing deals of wholesale roaming – as we have seen Fraud Management evolved in the outsourcing deals of international voice and messaging business.