Security Threat Intensifies for Service Providers

News Analysis
Carol Wilson, Editor-at-large

9/25/2013

ORLANDO, Fla. -- COMPTEL Plus Fall 2013 -- Service providers are still not taking security seriously enough, according to panelists here, including a Florida-based FBI agent.

Citing an Arbor Networks study that showed 50 percent of telecom service providers lack protection against distributed denial of service (DDoS) attacks -- the most common threat to IP service -- Teri Francis, VP of customer solutions at NTT Communications Corp. (NYSE: NTT) Global IP Network, said there is still too much ostrich-like behavior going on in the service provider community.

"Many executives don't even know what a DDoS attack is," Francis said. "There is a head-in-the-sand mentality that if it hasn't happened to me, it won't happen."

The problem can also be organizational: Some companies have a single security authority while others distribute that authority and may be leaving themselves vulnerable as a result, said Level 3 Communications Inc. (NYSE: LVLT) CTO Jack Waters.

The purpose of this panel was to scare the service providers present into being more realistic about the prevalence of cyber-security attacks and convince them to be more prepared and take more precautions.

Waters also cautioned that attackers are getting smarter about who they target: Network Operating Center (NOC) technicians are targeted more often because attackers are looking to get access to their network credentials to do more damage, he said.

One new form of mobile attack is known as "smishing," according to Louis Archibald, senior consultant in the Rapid Response Retainer team at Level 3 Communications Inc. (NYSE: LVLT).

Victims receive a text message on their cellphones from an unknown party and it contains a link. If they click on that link, the bad guys "own your phone," he cautioned. In the era of bring-your-own-device (BYoD), mobile phone security is an issue for enterprises because of the potential co-mingling of business data on personal phones that aren't adequately protected from attack.

Senior FBI Agent Todd Renner advised telecom service providers to contact federal authorities any time there has been a breach, a process he says is not currently happening. While there are multiple federal agencies dealing with cyber security, the important thing is to contact someone, and the FBI is one place to start.

Renner also agreed with other speakers who said organized crime is increasingly involved in cyber threats and will often use DDoS attacks as diversions in complex schemes against high-value targets such as automated payroll processes. Renner said the bad guys can actually be patient -- they sometimes gain a presence in computers via security breaches but then wait years to act.

— Carol Wilson, Editor-at-Large, Light Reading

Like what we have to say? Click here to sign up to our daily newsletter

(4) |

Comment |

Print |

RSS

Security Threat Intensifies for Service Providers News Analysis Carol Wilson, Editor-at-large 9/25/2013 Comment (4) Tweet ORLANDO, Fla. -- COMPTEL Plus Fall 2013 -- Service providers are still not taking security seriously enough, according to panelists here, including a Florida-based FBI agent. Citing an Arbor Networks study that showed 50 percent of telecom service providers lack protection against distributed denial of service (DDoS) attacks -- the most common threat to IP service -- Teri Francis, VP of customer solutions at NTT Communications Corp. (NYSE: NTT) Global IP Network, said there is still too much ostrich-like behavior going on in the service provider community. "Many executives don't even know what a DDoS attack is," Francis said. "There is a head-in-the-sand mentality that if it hasn't happened to me, it won't happen." The problem can also be organizational: Some companies have a single security authority while others distribute that authority and may be leaving themselves vulnerable as a result, said Level 3 Communications Inc. (NYSE: LVLT) CTO Jack Waters. The purpose of this panel was to scare the service providers present into being more realistic about the prevalence of cyber-security attacks and convince them to be more prepared and take more precautions. Waters also cautioned that attackers are getting smarter about who they target: Network Operating Center (NOC) technicians are targeted more often because attackers are looking to get access to their network credentials to do more damage, he said. One new form of mobile attack is known as "smishing," according to Louis Archibald, senior consultant in the Rapid Response Retainer team at Level 3 Communications Inc. (NYSE: LVLT). Victims receive a text message on their cellphones from an unknown party and it contains a link. If they click on that link, the bad guys "own your phone," he cautioned. In the era of bring-your-own-device (BYoD), mobile phone security is an issue for enterprises because of the potential co-mingling of business data on personal phones that aren't adequately protected from attack. Senior FBI Agent Todd Renner advised telecom service providers to contact federal authorities any time there has been a breach, a process he says is not currently happening. While there are multiple federal agencies dealing with cyber security, the important thing is to contact someone, and the FBI is one place to start. Renner also agreed with other speakers who said organized crime is increasingly involved in cyber threats and will often use DDoS attacks as diversions in complex schemes against high-value targets such as automated payroll processes. Renner said the bad guys can actually be patient -- they sometimes gain a presence in computers via security breaches but then wait years to act. — Carol Wilson, Editor-at-Large, Light Reading Like what we have to say? Click here to sign up to our daily newsletter (4) \| Comment \| Print \| RSS Comments Newest First \| Oldest First \| Threaded View ADD A COMMENT [close this box] pdonegan67 9/25/2013 \| 3:26:00 PM Re: End User Biggest Factor Good point. When you deliberate over the difference between security for smartphones and security for M2M apps, at least you know you can trust the machines not to do something stupid. Reply \| Post Message \| Messages List \| Start a Board Phil_Britt 9/25/2013 \| 12:39:45 PM End User Biggest Factor Not to say that teleocom firms can't do more, but no matter what they do, if the users don't follow safe practices, it won't matter. Some of the most common passwords are "password," a sequence of numbers such as 1234 or something else that can be found via a simple search (phone, address, birthday). Several people also put out too much info on social media. Perhaps users should have to follow some simple security procedures just to activate a new phone. Reply \| Post Message \| Messages List \| Start a Board brookseven 9/25/2013 \| 11:42:23 AM Re: Many operators don't know what they don't know patrick, Also, remember most malware is hosted on websites...many of which are legitimate. So they not only need to watch their traffic, but their hosted content. seven Reply \| Post Message \| Messages List \| Start a Board pdonegan67 9/25/2013 \| 9:27:21 AM Many operators don't know what they don't know Without getting overly Rumfeldesque, one of the issues this piece alludes to is that many operators still don't know what they don't know where malicious traffic is concerned. An awful lot of them still don't know precisely how much malicious traffic they are carrying - either as a conduit to third party end targets (consumer's devices or the networks of enterprise customers) or bound for their own network elements. When operator CTOs do bother to open up the kimono they are often alarmed at the variety, volume and sophistication of the malicious traffic they are actually carrying in their own networks. This is driving greater awareness of the potential damage some of this traffic can do their own networks or their customers or both. Particularly where the mobile network is concerned, most network outages and service degradations are still caused by cock-up rather conspiracy. But be in no doubt that attackers will try and close that gap in the coming years. Each operator needs to determine for itself whether or not they are going to allow them to succeed. Reply \| Post Message \| Messages List \| Start a Board		Educational Resources sponsor supplied content Cybersecurity: Priorities & Proposals for Small ISPs Arbor & Cisco: Stopping DDoS Attacks Threat-Centric Security Solutions for Service Providers Cisco ASR 9000 vDDoS Protection Solution Cisco ASR 9000 Integrated DDoS Mitigation with Arbor Networks Peakflow TMS Cisco ASR 9000 vDDoS Protection Solution Frost & Sullivan: The Expanding Role of Service Providers in DDoS Mitigation Cisco ASR 9000 vDDoS Protection Solution Overview Educational Resources Archive Featured Video Upcoming Live Events Cable Next-Gen Breakfast Series @ SCTE’s Cable-Tec Expo October 1-2, 2019, New Orleans, Louisiana 5G Transport & the Edge October 10, 2019, New York, New York 5G Network & Service Strategies @ MWC19 Los Angeles October 22, 2019, Los Angeles, CA Software-Driven Operations November 5, 2019, London, England Global Telecoms Awards November 7, 2019, London, UK Cable Next-Gen Europe November 14, 2019, Maritim Hotel, Berlin Cable Next-Gen Business Strategies December 3, 2019, New York, New York 2020 Vision Executive Summit December 3-5, 2019, Vienna, Austria Cable Next Gen-Technologies & Strategies March 16-18, 2020, Embassy Suites, Denver, Colorado Big 5G Event May 18-20, 2020, Irving Convention Center, Dallas, TX All Upcoming Live Events Upcoming Webinars September 26, 2019 5G Converged SDN Transport – the Key to New 5G Services October 2, 2019 5G Mobile xHaul Test Specifications & Use Cases for Field Measurements October 3, 2019 Mapping Success: 5G Evolution Reimagined October 9, 2019 Driving 5G Profitability by Simplifying Operations October 10, 2019 Global Influences on IoT Agile Billing Development October 10, 2019 Everything you need to know about Implementing and Monetizing Microsoft Teams Calling October 15, 2019 The Race for Capacity: Space-Division Multiplexing in Next-Generation Subsea Cables October 15, 2019 From Static to Programmable. Leveraging the next wave of virtualization to deliver secure end-to-end applications. October 17, 2019 Automating the Cable Network November 14, 2019 Securing the Cable Network December 12, 2019 Virtualizing the Cable Architecture Webinar Archive Partner Perspectives - content from our sponsors Edge Computing, the Next Great IT Revolution By Rajesh Gadiyar, Vice President & CTO, Network & Custom Logic Group, Intel Corp The Benefits 5G Will Bring to Higher Education By Peter Linder Innovations in Home Media Terminals for the Upcoming 5G Era By Tang Wei, Vice President, ZTE Corporation SingleFAN Pro: Intelligent Full-Fiber Access, Embracing the Gigabit Era By Cao Changyang, Huawei How an Integrated Ecosystem of Partners Drives Edge Computing Customer Value By Schneider Electric All Partner Perspectives Slideshows France's Bike Fest Demands Tour de Force From Orange Post a Comment \| Read (5 comments) Scenes From Sprint's Big 5G Launch (3) The Big 5G Event: Photos (0) More Slideshows