CUSTOMER SUCCESS MANAGER
Mastering today’s fraud landscape is an everlasting challenge to MNOs. With the development of an advanced Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS), POST Luxembourg Cyberforce plays an impressive pioneering role with accommodating a number of things such as operational difficulties and the need for urgent security improvements. Although the COVID-19 situation has seen a decrease in massive attacks, POST Luxembourg Cyberforce is preparing for a new and more cunning fraud landscape by the end of the year.
POST Luxembourg, the main telecommunications operator of the Grand Duchy, is more than a customer for RoamsysNext. For many years there has been a long and trusting partnership that led to a variety of innovative products and product features that today support customers world-wide. Alexandre De Oliveira is in charge of telecom security at POST Luxembourg and is part of the POST Cyberforce team which has been set up to anticipate and to actively fight fraud and security incidents. He has been in the telecom security business for many years, and it’s always a rewarding experience to talk to him and gain insight into a hot topic, especially with new technologies like 5G coming up.
Please enjoy the first part of the interview with Alexandre, the second part will follow next Thursday.
In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.
Alexandre, POST Luxembourg Cyberforce took an internal security environment up to a new level that is now also available for other operators. How did it start?
Looking back at the last decade, I have been in this ecosystem testing and guiding operators through their telecom security journey. These were only a small number of operators who were the most advanced in terms of safety, so, together with the GSMA efforts were made to create common operator guidelines. This ensured that all operators could now understand the risks their network was facing and how attackers were gathering information about customers, networks and how they were perpetrating frauds. But sophisticated tools to fight fraud were still missing.
Alexandre De Oliveira (left) and Johannes Kaiser (RoamsysNext) at WAS10, Valencia 2019
With penetration tests, security assessments and your sophisticated “Telecom Intrusion Detection System” (TIDS) you now have powerful systems in place to detect fraud and security issues. What’s the story behind this?
As an operator dealing with the same problems on a daily basis, fighting fraud and trying our best to counter attacks coming from foreign actors, we had to make sure we had the tools to meet these challenges. At that time, Cyberforce started the development of TIDS and TSS. The TIDS (Telecom Intrusion Detection System) is combined with the filtering we have implemented on our nodes which is essential to provide us with the visibility of what is going on in our network. TIDS helps us to be more flexible by implementing new rules for attacks or frauds and achieve quick results to improve our network.
Know and understand your attacker
Accordingly, when you build defense, you also have to build your attack. You must be aware of the fact that knowing your attacker is clearly just as important. That is why TSS (Telecom Security Scanner) was created: it provides us with the means to test our filtering and the detection for TIDS in production.
So TIDS and TSS work hand in hand?
At the end, all this work is complementary to one another: one the one hand, TIDS ensures the detection of attacks and unknown behaviors. On the other hand, TSS enables us to test our own network but also to conduct offensive research to ensure that we can keep TIDS and TSS up to date. After this telecom security journey, it felt natural to us to share and provide the same possibilities to other operators. As POST Luxembourg, we are facing the same issues as any other telecom operator: we are attacked every day and we have to react fast. Only operators have this experience: mixing operational difficulties with the need for urgent security improvements.
What’s your impression during the past months, has the number of alerts increased?
In these days challenged by COVID-19 it becomes obvious to everyone how operators are at the heart of all modern economies, providing us with the means to ensure continuity via remote working. Defending these infrastructures is vital to everyone. Interestingly, during the last months, the number of massive attacks has drastically decreased. We have seen more focused attacks that target the population at large, though. Fraudsters went on to usurp the government’s announcements to spread malwares via SMS. But since everyone was on their phones at the time, we noticed large campaigns of fake applications that sent premium SMSes. On the attacker’s side, these are rather test networks to continue their research activities on signaling weaknesses.
What is the consequence?
Nevertheless, we cannot be passive. These kinds of attacks decreased because fraudsters had to cut back their activities as well. The attackers were affected by the confinement, too. They could no longer travel to get equipment and SIMs they needed. We are expecting the same level of massive attacks again by the end of the year. These attacks could be even more sophisticated as the fraudsters and attackers had some time to prepare.
Thank you, Alexandre, for your compelling information. We will continue the interview with regard to your daily challenges and also pain points in the detection of threats. We are also looking forward to more fascinating insights on how these challenges can be met through collective industry initiatives. Take care!
Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.
How does the GSMA approach cyber security, fraud detection and prevention? Look at the incredible useful tools and informations they provide with the Fraud and Security Group (FASG) and documents on best practice countermeasures.