Gabriele Lieser



According to a leading security network, Cisco Umbrella, the first half of 2020 saw increasing threat trends in the advanced reuse of trojans and droppers for new forms of malware delivery, an increase in the use of obfuscation, macros and other file-free malware to bypass traditional antivirus (A/V) defenses, an increase in threats to managed service providers (MSPs), and an increase in phishing attacks with COVID-19-related themes.

Since the global reach of the internet facilitates the international impact of telecom fraud, the threat landscape expands, too. Fraud behaves like a virus: it spreads very quickly, infecting one network after another, having dire effects on national critical infrastructure (civil, energy, agricultural, healthcare) and causing colossal losses of revenue. Although mobile network operators are continually investing in fraud protection, most efforts are focused on mitigating damage after attacks have already occurred.

Many years ago, roaming was one of the leading fraud facilitators because of the time delay until the charging records arrived at the home network. After years of concerted action, fraud managers today have practically 100% visibility of roaming traffic as they can feed their FMS with data all available on the home network. Data feeds and call records from the visited network typically are no longer necessary. And still, mobile operators are often unable to stop attackers due to missing or delayed cross-border jurisdiction and limited uptime.

RoamsysNext Insights

In RoamsysNext Insights our experts share their views on extensive industry topics and possible solutions we can offer.

Analysts and investigators are doing their best to gain and maintain control of their threat landscape. In contrast, current tools require a lot of manual consolidation and integration of large amounts of threat data into security technologies, teams and processes. Every prevented attack saves costs, so more efficient solutions are always welcome. Most resources, however, are focused on mitigating damage after attacks have already occurred. Sure, there are already tools which ensure the correct configurations for different network elements and thus provide proactive protection. Nonetheless, it would be nice if there was additional information on fraud numbers to correlate and verify to stop current threats or later provide evidence for legal teams. Since there is no all-inclusive platform to gather international fraud intelligence yet, limited visibility of global fraud trends inevitably takes its toll.

Strengthening joint initiatives

With regard to cyber security and fraud prevention, the GSM Association (GSMA) already provides a number of useful tools and information through its Fraud and Security Group (FASG), documents on best practice countermeasures, the MISP (Malware Information Sharing Platform) and the T-ISAC (Telecommunication Information Sharing and Analysis Centre) initiative. The FASG provides expertise in assessing the global fraud and security threat landscape and releases guidelines for best practice countermeasures such as the GSMA FF.21: Fraud Manual.

More joint efforts required

There are MISPs specialized in one user; banks, for example, encounter different threat vectors than mobile operators. There is also a dedicated GSMA MISP for the mobile industry implemented jointly with the prestigious Luxembourg CIRCL (Computer Incident Response Center Luxembourg, The thing is that fraudsters proceed to transmit successfully launched attacks to similar organizations on a different campaign. Disarming criminals and preventing damage is easier when trusted partners and trust groups share information: joint analysis saves time and double work. Additionally, it would help a lot if there was a platform providing technical security professionals with a user-friendly interface to simplify and validate the correct configuration of each roaming-related network element.

Crowdsourced feeds make everyone stronger

The GSMA T-ISAC will eventually become a central hub of information sharing for the telecom industry, including the GSMA MISP whose infrastructure automates the feed. The GSMA plans to expand networking workshops and virtual member meetings, generating threat intelligence and delivering threat alerting, training and learning with industry experts and peers. Crowdsourced feeds will massively reduce the amount of research MNOs have to do around fraud scenarios. A dream comes true when there is finally a platform to tell in a very automated and a very curated way the details of suspicious IP-addresses, number ranges, IMSIs and fraud numbers.

Proactiveness pays off

A multi-level approach to combating telecom fraud is an important step towards success: valid, up-to-date industry data on roaming partners, number ranges, contact details and more information on attack sources is key. Although there is no such thing as 100% security and 100% protection, increasing challenges due to global developments, rising costs and a highly competitive environment require proactive fraud prevention. Fraudsters are as highly organized as any business. They use machine learning, artificial intelligence, and large amounts of data to improve their skills.

We are all in the same boat

We are doing our best to protect our current and future customers from evil. In order to converge roaming partner information and relationships in a precise and secure way, the RoamsysNext’s Wholesale Roaming Manager offers an all-in-one solution from test SIM cards, over tariff, document and contact management. Additionally, we help to strengthen the core network by spotting missing and incorrect configurations and vulnerabilities with the RoamsysNext Network Configuration Optimizer. Further audits are essential to make sure that the correct configurations are implemented in every network node.

At the end of the day, don’t we all pull together to provide our subscribers seamless accessibility, great quality perception and a unique customer experience? More than 700 MNOs across the globe already trust our tools and services. With the help of the latest technologies we constantly strive for more efficient solutions. Consequently, we are more and more keeping an eye on upgrading security aspects. Stay tuned for more advanced developments from the house of RoamsysNext.

Gabriele Lieser joined RoamsysNext in 2020 as Customer Success Manager to strengthen the bonds with our increasing number of customers and to support the marketing team. Gabriele has a strong background in corporate sales. She studied at the Universities of Trier (Germany) and Manitoba (Canada) and is incorporated in the RoamsysNext Client Service team.

“The team is a crucial asset”

It has been an exciting year for RoamsysNext. And as 2023 is coming to an end, we took the opportunity to talk with CEO Michael Grasmück about the past year, the growing team that becomes more and more international, and the comeback of an industry institution.

Reporting at a glance: The RoamsysNext Dashboards

The RoamsysNext tools offer many reporting functionalities of which the dasboards play an important role. Learn more about using them in practice to identify bottlenecks, visualize your team's performance and bring a smile to your management's faces.

How to Stay Secure

What can MNOs do to stand up to the ever-growing tide of telecom fraud and protect their assets? Stay alert, use great tools, collaborate with other market players, and take the fight to the fraudsters.

Telecom Fraud Hurts

Telecom fraud is a rapidly growing area that has serious effects on national critical infrastructure (civil, healthcare, energy, agriculture...) and wider industrial processes.

  • RMX_Insights_Template21

How to Choose a Signaling Firewall Wisely

In times of global turbulences and increasing fraud attacks the decision for a sophisticated signaling firewall becomes more and more a priority. Some general considerations help to narrow down the choice.

Two-Factor Authentication rules!

For some time now, we have introduced 2FA and have contributed our share to provide more secure access to our tools. Norbert Becker, Head of Software Development, picks up the thread and provides engaging insights into his area of responsibility.

  • RoamsysNext Insights - Wholesale Roaming Manager

Introducing: The RoamsysNext Wholesale Roaming Manager

The RoamsysNext Wholesale Roaming Manager provides powerful collaboration and reporting tools for all roaming partner relationships by converging everything from service openings to the user’s roaming footprint, test SIM cards and tariffs, document and contact management.

We’re in this together

In the second part of our interview with Alexandre De Oliveira, POST Luxembourg Cyberforce, he highlights major pain points in fraud detection and stresses the importance of global information sharing via the GSMA T-ISAC initiative.

Mastering today’s Fraud Landscape

Learn how Alexandre De Oliveira’s team at POST Luxembourg Cyberforce is mastering today’s fraud landscape with penetration tests, security assessments, the Telecom Intrusion Detection System (TIDS) and the Telecom Security Scanner (TSS).

How to avoid configuration errors

Hardening the network is a good way to get configuration errors under control. Introducing smart firewall rules and consistently updating these rules can be very time-consuming, but it’s a crucial measure to be taken.

  • RoamsysNext Insights 9: Interview with Hendrik Hoehndorf

Making a Stand against Fraud

In an insightful interview, our CTO, Hendrik Hoehndorf, speaks about further GSMA initiatives on fraud detection and prevention such as the MISP (Malware Information Sharing Platform) and T-ISAC (Telecommunication Information Sharing and Analysis Centre).

  • RoamsysNext Insights

Let’s talk about data quality

Most fraud and security issues are caused by misconfigured network nodes. This article shows, how RoamsysNext treats this problem on their quest for data quality.