NEWS

Reports suggest that Altice International was the subject of a cyberattack earlier this month, but the scale of the attack has yet to be announced

Today, a report from RedPacket Security suggests that France’s second largest operator, Altice, has been hit by a ransomware attack from the cybercriminal gang Hive.

RedPacket Security is an InfoSec news site that scrapes information relating to cyberattacks from the dark web, with the site reporting that the attack took place on August 9 this year, though it was only disclosed by the hacker group yesterday.

The scale of the attack is unclear, but files are reportedly available for download via the Tor browser.

The attack has not been publicly disclosed by Altice

Having been first detected in the summer of 2021, the Hive ransomware group has quickly become one of the most prolific ransomware gangs in the world, instigating over 350 attacks on various targets, primarily in the healthcare and financial services sectors.

To make matters worse, earlier this year, Hive was reported as having overhauled its software, migrating the code to the Rust programming language and therefore enabling even more complex encryption.

Most recently, the group successfully attacked two sixth-form colleges in Bedfordshire, UK, demanding £500,000 for the release of the stolen data.

Like so many ransomware gangs in 2022, Hive typically operates via a strategy known as ‘double extortion’.

In the past, ransomware typically worked by hacker groups gaining access to sensitive files, encrypting them, and threatening the owner with deletion of the files if they did not pay a ransom for the encryption key. However, companies quickly grew wise to this threat, creating and storing various copies of their data elsewhere to negate the risk of encryption and deletion.

In turn, this has led ransomware companies to evolve, with many now not only encrypting the compromised files but exporting them and threatening to leak or sell the sensitive data if their demands are not met. This is what is known as ‘double extortion’.

With their vast stores of customer data, telcos themselves are becoming increasingly appetising targets for ransomware gangs, with reports of attacks increasing dramatically since the start of the pandemic, which forced millions of people to work from home and therefore potentially created new vulnerabilities.

The most notable of these attacks took place against T-Mobile around a year ago, with an attack compromising data for millions of existing, past, and even prospective T-Mobile customers.

According to a recent report from Acronis, ransomware has rapidly become the number one threat to medium and large-sized organisations in 2022.

Want to keep up to date with the latest developments in the world of telecoms? Subscribe to receive Total Telecom’s daily newsletter here

NEWS

The ‘Coverage Above and Beyond’ plan will see the next generation of Starlink satellites provide mobile services directly to T-Mobile customers’ smartphones

This week, a highly anticipated deal between Elon Musk’s SpaceX and T-Mobile has been announced, with the new partnership aiming to use the former’s low Earth orbit (LEO) satellite constellation, Starlink, to plug movile coverage gaps across the USA.

The ‘Coverage Above and Beyond’ initiative will see customers gain access to Starlink internet services directly to their device for the first time, theoretically allowing them mobile coverage anywhere in the country.

Currently, SpaceX’s almost 3,000 orbiting satellites provide connectivity via ground terminals, which customers can purchase and deploy themselves. These ground stations act as an intermediary between the satellites in orbit roughly 550km above the Earth’s surface and the users’ smartphones or other devices.

However, next year SpaceX will begin launching a second-generation of satellites, equipped with new phased array antennas capable of delivering direct-to-device connectivity.

According to the partners, SpaceX’s services will be directly available on the vast majority of smartphones already on T-Mobile’s network, without the need for new handsets.

“We are constructing special antenna. […] They are actually very big antenna that are extremely advanced,” said Musk. “The important thing is you will not need to get a new phone. The phone you currently have will work.”

The Starlink satellites will use T-Mobile’s mid-band spectrum to deliver high-speed connectivity.

According to T-Mobile, there are currently around 500,000 square kilometres of the US that remains unreached by terrestrial mobile connectivity, all of which could be covered as part of the new deal.

“It is about solving the biggest pain point in the over-40-year history of our industry,” said T-Mobile CEO Mike Sievert. “This partnership has a vision that is the end of mobile dead zones”.

While initially penned to cover the US, in future the partners plan to expand this connectivity initiative worldwide, with T-Mobile offering reciprocal roaming to providers that take part in the scheme.

“The important thing about this is that there will be no dead zones for your phone anywhere in the world,” said Musk, who noted that truly ubiquitous global coverage would save lives, allowing people to call for help if needed no matter where they are in the world – provided they are outside, of course.

A beta service from the satellites will be available before the end of 2023 in selected areas, with services initially set to be limited to texting and messaging. Voice and data capabilities will be added at a later date.

While SpaceX’s Starlink is currently the largest LEO constellation in the world – and will presumably remain so, if Musk’s plans to ultimately launch up to 42,000 satellites come to pass – it should be remembered that it is not the only satellite company in the US planning direct-to-device connectivity. In fact, AT&T has been working with AST SpaceMobile since at least 2019, with the duo announcing earlier this year that they will soon test transmissions from regular smartphones to SpaceMobile’s new satellite using AT&T spectrum.

AST SpaceMobile already has a similar Memorandum of Understanding with Telefonica.

Starlink will also have to contend with OneWeb’s growing LEO constellation and ultimately the large-scale launch of Amazon’s Project Kuiper, though dates for the latter’s initial launches have yet to be confirmed.

But despite growing competition, this deal represents a major win for SpaceX at a time when its Starlink constellation needs it most. SpaceX was recently denied $885.5 million in government subsidies to rollout broadband in rural areas, with the Federal Communications Commission saying the company had failed to demonstrate that they could achieve the speeds they promised to deliver in their application.

News

In the memo sent to all Huawei staff, Ren Zhengfei said the company must focus on profit over scale and discard “overly optimistic” expectations

With a global recession looming, this week has seen employees of Chinese vendor giant Huawei issued a stark warning from the company’s founder and chairman, Ren Zhengfei.

In a leaked memo delivered to all the company’s 195,000 staff members, Ren was gloomy about the future of the global economy, telling employees that there was a “very painful” decade ahead, citing the long-term effects of the pandemic, the war in Ukraine, and US sanctions on Huawei.

“Huawei must reduce any overly optimistic expectations for the future and until 2023 or even 2025,” he said in the memo. “We must make survival the most important guideline, and not only to survive but survive with quality”.

Ren said that the company must adapt to these new conditions by refocussing on cash flow and profit, rather than simply growing sales revenue.

“Take surviving as the main program, shrink and close all marginal businesses, and pass the chill to everyone,” Ren said. “The entire company’s business policy should shift from the pursuit of scale to the pursuit of profit and cash flow.”

As part of this process, Ren indicated that the company could seek to downsize in overseas markets and reduce spending on R&D in areas not delivering immediate profit, such as electric vehicles.

In fact, Huawei has already begun streamlining its workforce, having already cut roughly 2,000 jobs in 2021, largely due to US sanctions shrinking the company’s annual revenue by over a third. Now, sources are suggesting that the company is preparing to cut 4,000–5,000 additional middle manager jobs.

It appears to be no coincidence that Ren’s memo should come shortly after the Huawei’s H1 financial results, which were quietly announced earlier this month. While the company’s decline in revenues had slowed since Q1, the company still reported their overall revenues as down 5.9% year-on-year, reaching roughly $44.7 billion.

This ongoing slump in revenue is largely attributed to the continued decline of Huawei’s handset business – the business unit worst hit by US sanctions – where sales shrunk by around a quarter compared to 2021.

However, the revenue reduction was also offset somewhat by the company’s carrier and enterprise software units, which continue to grow at a healthy pace.

“While our device business was heavily impacted, our ICT infrastructure business maintained steady growth,” said Ken Hu, Huawei’s rotating chairman at the results announcement. “Moving forward, we will harness trends in digitalization and decarbonization to keep creating value for our customers and partners, and secure quality development.”

“Our strategy for operations in 2022 revolves around surviving and doing so sustainably,” Hu noted.

News

Wholesale connectivity provider, Netomnia, has announced further growth plans for its full fibre network in Avon and North Wales.

In a series of news releases the company, who builds infrastructure to enable ISP’s to provide their broadband services, has revealed an initial investment of £47.7 million in Bristol and up to £12 million in Wrexam and the surrounding area.

In Bristol Netomnia is targeting 159,000 premises starting in the suburb of Downend before extending into the communities of Kingswood and Filton, whilst in Wrexam 40,000 premises are targeted via a partnership with GForce.

Wrexham, which will receive city status on 1st September 2022 as part of the Queen’s Platinum Jubilee, is Netomnia’s third location in Wales, following on from 29,000 premises in Barry and 55,000 premises in Bridgend.

CEO, Jeremy Chelot, said “Marking our third location in Wales, we know that our network will provide real benefits to the area for generations to come and we look forward to continuing our expansion across the UK.”

The group, YouFibre and Netomnia, have secured £418 million in funding since 2020. The majority – £295 million – has been raised via a funding round led by DigitalBridge Investment Management (DigitalBridge). Earlier this year, DigitalBridge principal Manjari Govada said of “We have been highly impressed with the growth of the business and the best-in-class team he [Jeremy Chelot] has assembled.”

Jeremy Chelot will join a panel discussion on building future-ready 5G and advanced FTTH networks in the UK at Connected Britain on the 20 September. To secure your seat visit the website totaltele.com/connectedbritain

Press Release

Acronis, a global leader in cyber protection, unveiled its mid-year cyberthreats report, conducted by Acronis’ Cyber Protection Operation Centers, to provide an in-depth review of the cyberthreat trends the company’s experts are tracking. The report details how ransomware continues to be the number one threat to large and medium-sized businesses, including government organisations, and underlines how over-complexity in IT and infrastructure leads to increased attacks. Nearly half of all reported breaches during the first half of 2022 involved stolen credentials, which enable phishing and ransomware campaigns. Findings underscore the need for more holistic approaches to cybersecurity.

To extract credentials and other sensitive information, cybercriminals use phishing and malicious emails as their preferred infection vectors. Nearly one percent of all emails contain malicious links or files, and more than one-quarter (26.5%) of all emails were delivered to the user’s inbox (not blocked by Microsoft365) and then were removed by Acronis email security.

Moreover, the research reveals how cybercriminals also use malware and target unpatched software vulnerabilities to extract data and hold organisations hostage. Further complicating the cybersecurity threat landscape is the proliferation of attacks on non-traditional entry avenues. Attackers have made cryptocurrencies and decentralised finance systems a priority of late. Successful breaches using these various routes have resulted in the loss of billions of dollars and terabytes of exposed data.

These attacks are able to be launched due to overcomplexity in IT, a common problem throughout businesses as many tech leaders assume more vendors and programs lead to improved security when the inverse is actually true. Increased complexity exposes more surface area and gaps to potential attackers, keeping organisations vulnerable to potentially devastating damage.

“Today’s cyberthreats are constantly evolving and evading traditional security measures,” said Candid Wüest, Acronis VP of Cyber Protection Research. “Organisations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities. Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions.”

Critical data points reveal complex threat landscape

As reliance on the cloud increases, attackers have homed in on different entryways to cloud-based networks. Cybercriminals increased their focus on Linux operating systems and managed service providers (MSPs) and their network of SMB customers. The threat landscape is shifting, and companies must keep pace.

Ransomware is worsening, even more so than we predicted.

• Ransomware gangs, like Conti and Lapsus$, are inflicting serious damage.
• The Conti gang demanded $10 million in ransom from the Costa Rican government and has published much of the 672 GB of data it stole.
• Lapsus$ stole 1 TB of data and leaked credentials of over 70,000 NVIDIA users. The same gang also stole 30 GB worth of T-Mobile’s source code.
• The U.S. Department of State is concerned, offering up to $15 million for information about the leadership and co-conspirators of Conti.

The use of phishing, malicious emails and websites, and malware continues to grow.

• Six hundred malicious email campaigns made their way across the internet in the first half of 2022.
• 58% of the emails were phishing attempts.
• Another 28% of those emails featured malware.
• The business world is increasingly distributed, and in Q2 2022, an average of 8.3% of endpoints tried to access malicious URLs.

More cybercriminals are focusing on cryptocurrencies and decentralised finance (DeFi) platforms. By exploiting flaws in smart contracts or stealing recovery phrases and passwords with malware or phishing attempts, hackers have wormed their way into crypto wallets and exchanges alike.

• Cyberattacks have contributed to a loss of more than $60 billion in DeFi currency since 2012.
• $44 billion of that vanished during the last 12 months.

Unpatched vulnerabilities of exposed services is another common infection vector—just ask Kaseya. To that end, companies like Microsoft, Google, and Adobe have emphasised software patches and transparency around publicly submitted vulnerabilities. These patches likely helped stem the tide of 79 new exploits each month. Unpatched vulnerabilities also tie into how overcomplexity is hurting businesses more than helping, as all of these vulnerabilities serve as additional potential points of failure.

Breaches leave financial, SLA distress in their wake

Cybercriminals often demand ransoms or outright steal funds from their targets. But companies do not suffer challenges only to their bottom lines. Attacks often cause downtime and other service-level breaches, impacting a company’s reputation and customer experience.

• In 2021 alone, the FBI attributed a total loss of $2.4 billion to business email compromise (BEC).
• Cyberattacks caused more than one-third (36%) of downtime in 2021.

The current cybersecurity threat landscape requires a multi-layered solution that combines anti-malware, EDR, DLP, email security, vulnerability assessment, patch management, RMM, and backup capabilities all in one place. The integration of these various components gives companies a better chance of avoiding cyberattacks, mitigating the damage of successful attacks, and retaining data that might have been altered or stolen in the process.

You can download a copy of the full Acronis Mid-Year Cyberthreats Report 2022 here.