The recent IT outages affecting industries such as airlines, retail, and healthcare worldwide highlight the importance of robust and seamless cybersecurity operations. In the telecommunications industry, where high-performance and uninterrupted service are expected, such disruptions can have severe implications. Moreover, the rapid evolution of cybersecurity threats presents additional challenges to telecom networks, especially with the advent of 5G and other advanced technologies.
One such threat has been dubbed GTPDOOR, a sophisticated Linux backdoor discovered earlier this year that exploits vulnerabilities in networks via the GPRS Roaming Exchange (GRX), a central hub for mobile data. Through this pathway, GTPDOOR establishes covert communication channels with attackers' servers, allowing persistent and undetected access. Its ability to blend seamlessly into routine network operations makes it a very serious threat.
As hackers refine their tactics to evade detection, the need for robust, multilayered defense mechanisms becomes increasingly critical. The emergence of GTPDOOR serves as an important reminder of the critical need for continuous monitoring, advanced detection capabilities, and robust security measures to safeguard critical telecom infrastructure.
Why telcos need specialized EDR
Telecom networks face vulnerabilities from advanced malware, insider threats, ransomware, and Distributed-Denial-of-Service (DDoS) attacks. Proactively mitigating these threats presents a significant challenge to security operations teams tasked with ensuring network continuity. Moreover, they need not only to understand attack methods, but also to have expertise in core, transport, and radio technologies.
In 5G, the stakes are even higher. The increased speed and low latency of 5G enable critical services such as autonomous vehicles, smart grids, and real-time manufacturing operations. Any compromise in network performance could be catastrophic, making it crucial to maintain seamless operation of all network elements to ensure public safety and economic stability.
There are a few critical considerations that operators must prioritize when securing telecom network elements with endpoint detection and response (EDR) tools:
- Continuously maintained network availability: Cyber threats such as GTPDOOR malware pose a serious risk to essential network components like the Gateway GPRS Support Node (GGSN). Compromise of such elements can result in major disruptions to service availability, impacting both voice and data services for a large number of subscribers. To mitigate this risk EDR agents play a crucial role in monitoring and securing network endpoints. However, their integration must be seamless to prevent unintended interruptions in network operations. This necessitates the deployment of lightweight EDR agents that minimize CPU resource consumption while maintaining robust security monitoring capabilities. We need to design these agents to avoid causing performance bottlenecks or service degradation, aligning with regulatory and industry standards such as the NIS2 Directive, the UK’s Telecommunications (Security) Act (TSA), and 3GPP security standards, which emphasize the importance of maintaining high service availability and operational reliability.
- Network visibility without any blind spots: Achieving comprehensive network visibility requires a combination of agent-based detection, network traffic analysis and machine learning (ML) capabilities, like anomaly detection. It’s essential to have this holistic view of the network infrastructure to accurately identify deviations from normal network behavior in real-time caused by threats like GTPDOOR, detecting lateral movement, and understanding how threats propagate across various network elements. While ML enhances threat detection by identifying patterns and anomalies, it’s important to complement it with other methods to address limitations, such as false positives, false negatives, and susceptibility to adversarial attacks. Additionally, we should fine-tune ML-based systems to offer contextual understanding and improve the accuracy of threat detection.
- Telco-specific lifecycle alignment: Carefully align EDR agents deployed in telecom environments with the lifecycle of network elements to ensure comprehensive security coverage and mitigate vulnerabilities. Proper lifecycle alignment reduces the need for extensive testing and optimizes operational costs, while also ensuring adherence to regulatory requirements. Effective lifecycle management minimizes security gaps and enhances the overall resilience of the network against sophisticated threats like GTPDOOR. It’s also crucial to configure EDR agents correctly to avoid introducing new vulnerabilities, such as potential eavesdropping risks, given their elevated privilege levels. Regulatory frameworks and industry standards guide the alignment and configuration of these agents to safeguard subscriber data privacy and maintain compliance.
By addressing the unique requirements of telecom environments, specialized EDR products can deliver the robust security necessary to protect network functions against the complex and evolving threats faced by telecom networks.
Achieving comprehensive telco network protection
Advanced telecommunications networks do more than offer connectivity: they serve as the backbone of critical infrastructure and deliver services that require global resilience against disruptions. The continuous evolution of sophisticated threats like GTPDOOR highlights the need for robust cybersecurity measures.
Telecom operators should invest in products tailored for multi-vendor telco networks that incorporate intelligent sensors within the network elements to detect anomalies and intrusions in real time. Combining AI-powered techniques with telco threat intelligence for real-time anomaly detection and automated threat response enables rapid and unified threat hunting.
Implementing such a strategy ensures that all aspects of the network infrastructure are protected, maintaining continuous service for millions of subscribers, and supporting critical services like autonomous vehicles, smart grids, and real-time medical applications. This robust security posture is now essential to safeguard public safety and economic stability in the rapidly advancing 5G environment.
Kal De, senior vice president, product and engineering, Nokia