The WannaCry attack, which began on 12 May, hit some 300,000 machines in more than 100 countries. An example of ransomware, it locked files on computers until a payment was made – although it seemed highly unlikely coughing up the cash would get the data back.
Spanish operator Telefonica was one of the highest-profile victims of the attack, with (unconfirmed) reports suggesting 85 per cent of its computers were locked and hackers demanding $550,000 in Bitcoin payments. Some companies in the country, including Vodafone’s Spanish unit, asked staff to cut off internet access in case they had been compromised.
Across the border, Portugal Telecom was also said to have been hit.
Telefonica said the impact was limited to computers on an internal network and the attack didn’t affect customers, with chief data officer Chema Alonso tweeting the attack had been “overblown” by the media.
However, Telefonica’s director of public policy and internet, Christoph Steck, took a different perspective. At the GSMA’s M360 Privacy and Security event in The Hague in late May, he said the intense attention gained from the attack increased public and media awareness of cyber security.
No matter how one looks at it, what is undeniable is that operators are sitting up and taking notice of the dangers of a ransomware attack. Practically every company in the world with any kind of IT system is at risk, and the telecoms sector is no exception.
Vodafone Group CEO Vittorio Colao said even though his company was not impacted by the attack, the issue of security “kept him awake at night”.
And with good reason. Robert Winters, director of communications security at Cobham Wireless, said operators should be on high alert as networks are vulnerable and an attack could affect millions of customers. GSMA director general Mats Granryd said the attack “underscores the pernicious impacts of so-called zero-day vulnerabilities”.
Meanwhile Steve Buck, COO of Evolved Intelligence, is of the opinion: “operators are fighting a high-profile war across many fronts against the threats to their IT systems, to the devices on the network, to the network itself and to its users”. Ransomware is just one example of this.
So, in short, the answer to the question posed in the title of this blog is: yes.
Vijay Michalik, analyst at Frost & Sullivan, explained to Mobile World Live that the factors leading to a “crisis tipping point” are the rise of ransomware-as-a-service, leaked exploits from the US National Security Agency’s (NSA) espionage toolbox, and significant under-investment in cybersecurity practices.
The recent attack was paired with the EternalBlue exploit developed by the NSA and leaked online by a hacking group called The Shadow Brokers.
There is a lot at stake if a company is hit. Customer data becomes vulnerable, and all departments from finance to customer services are affected, not to mention reputational damage.
As the Nigerian Communications Commission pointed out: “This situation demands that proactive measures be taken by all players in the telecommunication ecosystem to forestall the hazards of critical data loss, financial losses and ultimately network/business disruption.”
What can operators do?
While Colao called for cross-sector collaboration across Europe to stave off the threat of cyber-criminals, Cobham Wireless’ Winters said it is important to ensure network security is a top priority.
“Operators must take preventative actions to identify any flaws in their networks that could cause them to be infiltrated. This is possible by doing real-world threat emulation on their networks and testing the myriad of veritable ransomware and malware that could damage their communications services and reputations,” he said.
Michalik recommended the “proactive implementation” of security patches rolled out by software vendors. According to him, failure to do so was the source of WannaCry’s success – and Microsoft had pushed out a patch for the issue that the recent ransomware was able to exploit.
The problem lies in the fact that businesses are slow to react to such updates due to a lack of awareness of what they are putting at risk.
This brings us to Michalik’s next recommendation, which is cybersecurity training for all staff members, “an often overlooked opportunity”. For instance, operators should not take for granted that employees will know not to open e-mail attachments or links from unknown sources, or not to click pop-ups on unknown websites.
Michalik also believes the most forward-thinking companies will employ advanced threat protection systems using artificial intelligence and blockchain technologies to ensure data security and integrity.
Operators now need to be more vigilant than ever, because, as Granryd said: “the threat level will continue to rise with increasing smartphone penetration, IoT prevalence and use of cloud computing”.
The editorial views expressed in this article are solely those of the author and will not necessarily reflect the views of the GSMA, its Members or Associate Members.