HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk
The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
Telcos depend on networks, spectrum, software, and trusted identities, making resilience, availability, privacy, and supply-chain security essential.
Search across headline titles and summaries.
Background for this topic.
Telcos provide mobile, fixed-line, broadband, messaging, and data-transmission services. Their assets include radio access networks, fiber and transport links, core network functions, subscriber and billing systems, customer portals, and management platforms. They depend on power, data centers, timing, interconnection and roaming partners, and complex signaling between networks. Availability and integrity matter for ordinary connectivity and, where supported, emergency calling and other public-safety services.
Security concerns include unauthorized access to network-management systems, weaknesses in signaling such as SS7 or Diameter, compromised subscriber identities or SIM/eSIM processes, and vulnerabilities in virtualized or cloud-hosted network functions. These could enable message interception, fraud, location exposure, or service disruption, but are not inherent to every provider. Useful controls include strict separation of management access, strong authentication, signaling validation and monitoring, timely patching of network equipment and software, supplier assurance, and tested failover. Privacy programs must also protect subscriber data and communications metadata, while incident response should account for dependencies on interconnects and other operators.
Weekly headline count for the current query.
The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.
After detecting a zero-day attack, the country's effective response was attributed to the tight relationship between its government and private industry.
The US telecom company disclosed that suspected nation-state actors first gained access to its network in December of last year, though it's unclear if attackers obtained sensitive data.
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets.
The UK telco said it temporarily took some systems offline as a "protective" measure in its investigation.
Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."
The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.
The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.
The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.
Infiltrating other nations' telecom networks is a cornerstone of China's geopolitical strategy, and it's having the unintended consequence of driving the uptake of encrypted communications.
The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.
In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way.
.