First-of-its-kind collaboration will see global telcos share malware samples and IOCs

Telco Security alliance members are now sharing threat intelliegence

Telco Security Alliance members AT&T, Singtel, and Telefónica are now sharing threat intelligence and indicators of compromise (IoCs) to help fight global attack campaigns that are launched against their customers.

The information is being drawn from a number of sources, including anonymized data from the companies’ security operations centers and investigations. The plan is for the telcos to join forces to fight particular threats on the basis of the pooled information.

Now, when malware and phishing campaigns are identified by the teams, the firms will alert their customers by writing and pushing signatures across their various products and environments down to individual endpoints, using the AT&T Alien Labs Open Threat Exchange (OTX) platform.

“Our customers demand us to deliver contextualized threat intelligence, delivering as many details as possible to reveal undetected attacks,” says Sebastián García de Saint-Léger, telco sector manager at ElevenPaths, Telefónica’s cybersecurity unit.

“By leveraging the Alliance members’ most relevant IoCs into one single platform, it will allow us to improve our detection and response, and the emerging playbooks will let our analysts focus on the analysis and investigations of the advanced threat defeating techniques.”

Collaborative efforts

The Telco Security Alliance was formed in 2018 by AT&T, Etisalat, Singtel, SoftBank, and Telefónica, and has been working since to set up the new information sharing effort.

“This sort of collaboration doesn’t spring up overnight,” says Mador. “We’ve spent that time vetting data and working out the logistics and foundation for all TSA members to be able to properly share their data.”

Between them, the alliance members have 28 security operations centers and more than 6,000 security staff, and there are hints that other members are planning to join the initiative.

The data sharing started in January, and, says Jaime Blasco, associate vice president of product development for AT&T Cybersecurity, “this initiative has already proved valuable to AT&T’s visibility into current threats.”

However, not all of the companies’ security information will be shared – at least for now.

“Here at Trustwave/Singtel we have a dedicated research team working on the threats specific to 5G infrastructure, as I’m sure AT&T and Telefonica have as well, but there is not intel sharing related to those threats… yet,” Ziv Mador, vice president of security research at Singtel security subsidiary Trustwave, tells The Daily Swig.

Sharing is caring

Earlier this month, the Telco Security Alliance produced a report on the global DDoS threat landscape, concluding that the frequency of attacks grew by 39% over the year to the first half of 2019.

While the number of very large attacks dropped significantly, middle-sized attacks – those between 100 Gbps and 400 Gbps in size – increased by more than seven times over the year.

And the report predicts a “challenging” 2020, as attack methods become more sophisticated and regional geopolitical problems continue to increase.

“No matter how large an organization is, their view of the connected world is just a sliver of what is actually happening,” says Mador.

“Sharing not just data and intel but the wealth of knowledge of our researchers benefits all of our customers. It provides the most important thing our customers are looking for: context.”


READ MORE Mastercard to lead security cooperation in Europe with new Cyber Resilience Center