{"id":10580,"date":"2024-10-01T11:31:41","date_gmt":"2024-10-01T10:31:41","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?p=10580"},"modified":"2025-10-21T15:53:03","modified_gmt":"2025-10-21T14:53:03","slug":"mobile-telecom-security-landscape-blog-october-24","status":"publish","type":"post","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/","title":{"rendered":"Mobile Telecom Security Landscape Blog: October 24"},"content":{"rendered":"\n<p>Welcome to our security threat landscape blog. <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/connectivity-for-good\/public-policy\/cybersecurity-awareness-month-navigating-the-online-world-safely-and-securely\/\">Cybersecurity Awareness Month is this October<\/a>; it&#8217;s recognised as a dedicated month for promoting security and safety and encouraging both public and private sectors to work together to raise cybersecurity awareness. This blog focuses on the need for full awareness of one\u2019s inventory of equipment, software and services.<\/p>\n\n\n\n<p>In order to establish and operate effective security defences, it is necessary to understand the assets that make up the network\u2019s attack surface. This includes all the systems (development and operational), legacy equipment, people, processes and services used to operate, design and maintain the network. These assets can include hardware and server estate, cloud and other services, exposed network ports and the operational software stacks.&nbsp; Each can benefit from inventory management to fully document the potential attack surface.&nbsp; Once the full estate is understood, a comprehensive defensive strategy can be established.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-reconnaissance\">Reconnaissance<\/h2>\n\n\n\n<p>Many potential attacks begin with a reconnaissance phase to understand the potential attack surface and possible weaknesses. This can involve a whole range of items, including IP address \u2018pinging\u2019, port scanning and reviewing LinkedIn member profiles. This latter item is used to better to understand possible phishing attack guises, understand the target\u2019s likely levels of permission \/ privileges and what equipment vendors \/ products they are responsible for.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-the-attack-surface\">The attack surface<\/h2>\n\n\n\n<p>In some cases, we see a reduction in attack surface through the sunsetting of some 2G and 3G networks and by disabling unnecessary services and features.&nbsp; <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/internet-of-things\/wp-content\/uploads\/2024\/07\/CLP.11-v2.2-GSMA-IoT-Security-Guidelines-Overview-Document.pdf\">GSMA Intelligence<\/a> cites that between 2010 and Q2 2024, there were 137 network sunsets, of which around 50% were completed in the last three years.&nbsp; However, there is also growth through deployment of stand-alone 5G cores, increased 5G radio access network deployment, disaggregated radio access networks (including O-RAN and virtualised RAN), introduction of new network APIs, extended supply chains, increased virtualisation infrastructure and the increasing number of connected devices, including smartphones, autonomous vehicles and other IoT equipment.&nbsp; In aggregate, network attack surfaces are expanding.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-attack-vectors\">Attack vectors<\/h2>\n\n\n\n<p>There are a number of attack vectors that may seek to compromise inventory items and each requires strong security controls and processes to minimise the likelihood and impact of any attack:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Phishing attacks<\/strong>: well-engineered and styled phishing attacks continue to have a finite success rate in penetrating perimeter defences.&nbsp; Consequently, anti-phishing campaigns and well architected internal network controls making lateral movement more difficult are important activities.<\/li>\n\n\n\n<li><strong>Malicious Insider<\/strong>: in a similar manner, internal controls, least privilege, strong authentication and employee vetting make it harder for a malicious insider to gain traction.<\/li>\n\n\n\n<li><strong>Managed Service Provider attack<\/strong>: remote compromise of a managed service provider offers a potential attack vector.&nbsp; Strong vetting, least privilege and trust domains form part of any defence.<\/li>\n\n\n\n<li><strong>Inter-connect \/ Roaming \/ Internet Signalling and DDOS attack:<\/strong> this attack vector is well documented and attracts significant coverage in GSMA Security documents.<\/li>\n\n\n\n<li><strong>Exposed routers and servers<\/strong>: a network operator will have a significant estate of vendor equipment, router and server infrastructure.&nbsp; Legacy equipment can use protocols with limited in-built security, eg Telnet.&nbsp; These exposed interfaces must be configured to use secure protocols or have additional security controls such as VPN protection to reduce the likelihood of success for an adversary attack.&nbsp; This applies to virtualised deployments in the same sense, in that bare metal compute, storage and network devices must be protected.&nbsp; Additionally, unused management protocols, internet services and accounts can be disabled to limit attack opportunities.<\/li>\n\n\n\n<li><strong>Physical attack of network infrastructure: <\/strong>eg at Cell Site(s) or Data Centres can be minimised through physical protection layers as well as access controls, alarming etc.&nbsp; A further layer of defence is to ensure management and other equipment interfaces are suitably protected to prevent onward attack within the wider network. Physical attacks on the RAN can also include Joint Test Access Group (JTAG) attack and Serial management ports compromise.<\/li>\n\n\n\n<li><strong>Device attack<\/strong>: with increasing access bandwidth and a range of malware attacks on device, protection must be considered against device-based network attacks (eg signalling \u2018storms\u2019, Denial of Service attacks, IoT Compromise) back into the network.&nbsp; Additionally, devices themselves may be subject to individual attack.<\/li>\n\n\n\n<li><strong>Air interface attack onto Radio Access Network <\/strong>or further in the wider network.<\/li>\n\n\n\n<li><strong>One critical security aspect is the link between the corporate and operator networks<\/strong> as it provides an attack vector into the operational network.&nbsp; Good security practices can mitigate this risk through secure networks, strong authentication and least privilege practices alongside strong Privileged Access Management (PAM).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-dimensions-of-inventory\">Dimensions of inventory<\/h2>\n\n\n\n<p>It is interesting to consider some of the possible dimensions of inventory management.&nbsp; Earlier in this blog we identified servers and enabled port services, but we might also include detailed records of configuration and build management, security of back-up arrangements, hardware bills of materials, software bills of materials, enabling services, remote accesses, VPNs, firewalls, Citrix environments, \u2018jump\u2019 boxes, load balancers, proxies, out of band server management interfaces and privilege accesses \/ administrator activities\u2026..<\/p>\n\n\n\n<p>As mentioned upfront, an attacker is likely to undertake detailed reconnaissance before launching the later stages of attack.&nbsp; It is important to first know the entirety of one\u2019s attack surface (&amp; inventory) in order that it can be adequately defended.<\/p>\n\n\n\n<p>Finally, I recommend you take a look at Gulistan Ladha&#8217;s ( GSMA\u2019s Consumer Policy Director) blog &#8216;<a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/connectivity-for-good\/public-policy\/security-in-a-shared-responsibility\/\">Security in a Shared Responsibility<\/a>&#8216;,\u00a0 which evaluates how and why cyberattacks are increasing in scope and scale across the world; and what mobile operators are doing to mitigate the risk of cyberattacks.<\/p>\n\n\n\n<p><strong>If you\u2019d like to discuss these themes or to get more closely involved, please email&nbsp;<a href=\"mailto:security@gsma.com\">security@gsma.com<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our security threat landscape blog. Cybersecurity Awareness Month is this October; it&#8217;s recognised as a dedicated month for promoting security and safety and encouraging both public and private sectors to work together to raise cybersecurity awareness. This blog focuses on the need for full awareness of one\u2019s inventory of equipment, software and services. [&hellip;]<\/p>\n","protected":false},"author":53,"featured_media":8308,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","footnotes":""},"categories":[1505],"tags":[],"algolia_discover_type":[],"class_list":["post-10580","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mobile Telecom Security Landscape Blog: October 24 - Security<\/title>\n<meta name=\"description\" content=\"Cyber Security Awareness Month. The October Security Landscape blog focuses on the need for full awareness of inventory of equipment, software and services.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mobile Telecom Security Landscape Blog: October 24 - Security\" \/>\n<meta property=\"og:description\" content=\"Cyber Security Awareness Month. The October Security Landscape blog focuses on the need for full awareness of inventory of equipment, software and services.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-01T10:31:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T14:53:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/05\/Security-blog-1-e1744681104973.png\" \/>\n\t<meta property=\"og:image:width\" content=\"352\" \/>\n\t<meta property=\"og:image:height\" content=\"190\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"sfishwick@gsma.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"sfishwick@gsma.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Mobile Telecom Security Landscape Blog: October 24 - Security","description":"Cyber Security Awareness Month. The October Security Landscape blog focuses on the need for full awareness of inventory of equipment, software and services.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/","og_locale":"en_GB","og_type":"article","og_title":"Mobile Telecom Security Landscape Blog: October 24 - Security","og_description":"Cyber Security Awareness Month. The October Security Landscape blog focuses on the need for full awareness of inventory of equipment, software and services.","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/","og_site_name":"Security","article_published_time":"2024-10-01T10:31:41+00:00","article_modified_time":"2025-10-21T14:53:03+00:00","og_image":[{"width":352,"height":190,"url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/05\/Security-blog-1-e1744681104973.png","type":"image\/png"}],"author":"sfishwick@gsma.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"sfishwick@gsma.com","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/","name":"Mobile Telecom Security Landscape Blog: October 24 - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/#primaryimage"},"image":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/05\/Security-blog-1-e1744681104973.png","datePublished":"2024-10-01T10:31:41+00:00","dateModified":"2025-10-21T14:53:03+00:00","author":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/779a7ff304b557a1b5fb9b7e5b34f150"},"description":"Cyber Security Awareness Month. The October Security Landscape blog focuses on the need for full awareness of inventory of equipment, software and services.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/#primaryimage","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/05\/Security-blog-1-e1744681104973.png","contentUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/05\/Security-blog-1-e1744681104973.png","width":352,"height":190,"caption":"A futuristic office with several people working at computer stations. The room features large windows showing a cityscape, and there are multiple digital screens displaying data and graphics. The environment has a high-tech, holographic feel with translucent digital overlays."},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/779a7ff304b557a1b5fb9b7e5b34f150","name":"sfishwick@gsma.com","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/053fecc6339b359a923239637a042baf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/053fecc6339b359a923239637a042baf?s=96&d=mm&r=g","caption":"sfishwick@gsma.com"}}]}},"featured_image_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/05\/Security-blog-1-e1744681104973.png","_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/10580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/comments?post=10580"}],"version-history":[{"count":9,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/10580\/revisions"}],"predecessor-version":[{"id":13710,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/10580\/revisions\/13710"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media\/8308"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=10580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/categories?post=10580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=10580"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=10580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}