Sunday, January 12, 2025

    Report Reveals Alarming Cyber Threat Trends in Telecom Industry

    Netskope Threat Labs’ June 2024 report offers an in-depth analysis of cyber threats targeting the telecom industry. This monthly report aims to provide actionable intelligence to help telecom organizations safeguard their digital assets. The June edition highlights cloud app adoption trends, cloud app abuse, and prevalent malware affecting telecom users. 

    “Users in the telecom industry tend to interact with fewer cloud apps in comparison to other verticals, yet the percentage of malware delivered from the cloud is 7 points higher than the other sectors. This indicates that employees within the sector have a more open attitude to cloud services and this inevitably reflects in a wider exposure to threats. They are more familiar with online tools such as cloud apps and this figure shows that threat actors tend to exploit this familiarity,” said Paolo Passeri, Cyber Intelligence Principal at Netskope.

    Cloud App Adoption in Telecom Industry

    Telecom users exhibit robust engagement with cloud apps, similar to other sectors but with distinct preferences. Attackers are abusing popular enterprise apps to deliver malware to victims in the telecom industry. This rising trend comes against a backdrop of continued growth in cloud app adoption in the sector, where users engage strongly with a small selection of popular apps, including Microsoft. In line with this increased use of cloud apps, telecom is the biggest victim of cloud-sourced malware, by a considerable 7% margin compared to other industries.

    “This open attitude towards online services is also visible in the malware families that target telecoms users. In comparison to other verticals, there are many more malware families targeting this sector, with a wide range of threats spanning from IoT (the omnipresent Mirai) to downloaders (BanLoad and Guloader), banking trojans (Grandoreiro), infostealers (such as AgentTesla and Redline), and phishing bait PDF documents,” added Passeri.

    Key findings include:

    • Interaction Rates: The average telecom user interacts with 24 cloud apps monthly, with the top 1% engaging with 77 apps.
    • Data Downloads and Uploads: Telecom users download data at rates comparable to other industries (97% vs. 95%). However, they upload data more frequently (76% vs. 67%).
    • Preferred Apps: Microsoft OneDrive, Teams, and Outlook are the top three apps, with OneDrive leading across all industries.

    Detailed Cloud App Usage:

    • Top Upload Apps: 30% of telecom users upload data to OneDrive daily, 50% more than other industries. WhatsApp and Outlook.com also see significant usage.
    • Top Download Apps: OneDrive leads again with 35% of users downloading from it, followed by Outlook.com and WhatsApp, which are more popular in telecom than in other sectors.

    Cloud App Abuse:

    • Malware Delivery: Telecom faces higher rates of malware downloads via cloud apps. The report notes seasonal fluctuations in malware delivery, with an overall increase in early 2024.
    • Leading Apps for Malware: Microsoft OneDrive and GitHub are top vectors for malware downloads in telecom, followed by Outlook. These apps are exploited due to their widespread use and user behavior, such as the likelihood to click on shared links.

    Prevalent Malware Families

    Among the most prevalent malware families targeting organisations in the telecoms industry were the remote access Trojan Remcos, the downloader Guloader, and the infostealer AgentTesla. “Interestingly, many of these threats are characterised by the exploitation of authentic and well-reputed cloud services throughout different stages of the attack chain: Guloader stores the encrypted payload on legitimate cloud services such as Microsoft OneDrive or Google Drive, Grandoreiro often abuses Microsoft Azure (but also AWS and Google) to deliver the final payload, and even phishing bait PDF documents are often hosted on legitimate cloud storage services to seem more realistic and legitimate,” observed Passeri.

    Also, the report identified the top 10 malware and ransomware families targeting telecom users:

    1. Botnet.Mirai: Targets IoT devices, notably routers and cameras.
    2. Downloader.BanLoad: Delivers banking Trojans.
    3. Downloader.Guloader: Delivers RATs and infostealers.
    4. Infostealer.AgentTesla: Steals browser passwords and more.
    5. Infostealer.RedLine: Steals data, including credit card info and crypto wallet details.
    6. Phishing.PhishingX: Uses malicious PDFs for phishing campaigns.
    7. RAT.NjRAT: Logs keystrokes and accesses the victim’s camera.
    8. RAT.Remcos: Provides extensive remote control capabilities.
    9. Trojan.Grandoreiro: Targets banking information in LATAM regions.
    10. Trojan.ModernLoader: Delivers cryptominers and other malware payloads.

    Recommendations

    To combat these threats, Netskope Threat Labs recommends several measures:

    • Inspect All Downloads: Use a next-generation secure web gateway (NG-SWG) to scan all web and cloud traffic.
    • Analyze High-Risk Files: Combine static and dynamic analysis for executables and archives.
    • Restrict App Usage: Block unused apps to reduce risk.
    • Control Data Uploads: Limit uploads to necessary apps to prevent data exposure.
    • Deploy IPS: Use an intrusion prevention system (IPS) to identify and block malicious traffic patterns.
    • Use RBI Technology: Use remote browser isolation (RBI) to provide protection when accessing high-risk websites.
