Following a recent and highly disruptive cyberattack on telecom carrier Orange España, the cybersecurity community needs to rethink its approach to safeguarding the digital identity of staff involved in network engineering and IT infrastructure management. Orange España is the second-largest mobile operator in Spain. In early January, an attacker going by the alias ‘Snow’ hijacked Orange España’s RIPE Network Coordination Centre (NCC) account. RIPE is Europe’s regional Internet registry. After this initial breach, Snow sabotaged the telecommunications firm’s border gateway protocol (BGP) and resource public key infrastructure (RPKI) configurations.
Snow’s account takeover (ATO) attack and subsequent infrastructure reset caused a three-hour service outage, inconveniencing Orange España’s customers and disrupting the company’s operations. Ultimately, this cyberattack illustrates why network engineering and IT infrastructure management staff represent high-value targets to attackers. By virtue of their job duties, these personnel groups are granted higher levels of privileged access by their enterprises. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network Information Center (LACNIC) who were compromised as a result of infostealer infections.
While disruptive cyberattacks on telecom carriers and related network infrastructures are rare, there has been a steady increase in attacks targeting this sector, noted Dark Reading last year. The motive behind these attacks is typically espionage. Factors driving the rise in telecom cyberattacks include the proliferation of 5G networks and VoIP services, according to the Dark Reading report.
Newer telecom services like 5G are particularly vulnerable to cyberattacks because their core technologies are all software designed. According to the Dark Reading report, this means “all the risks associated with software technologies will manifest on carrier networks.” However, Resecurity’s report is more concerned with how the poor digital hygiene of key telecom network personnel can amplify the breach surface for threat actors, potentially setting the stage for more devastating attacks.