UK Telecoms Expose Security Details, Risking Cyber Attacks

Severity: Medium (Score: 51.9)

Sources: Commsbusiness, Securitybrief, Thepaypers

Summary

A study by Ethiack reveals that 19% of web servers operated by UK telecoms disclose critical software details through HTTP response banners, potentially aiding cybercriminals in identifying exploitable vulnerabilities. The analysis covered over 50,000 digital assets from nearly 600 telecom providers across Europe, with UK firms like BT, Vodafone, and Three contributing more than 8,300 assets. The European average for such exposure is significantly higher at 47%. Additionally, 37% of SSL certificates used by these telecoms are invalid, expired, or misconfigured, increasing the risk of data interception. The report identified 1,452 critical assets with significant security weaknesses. Recent high-profile attacks on telecoms infrastructure, including a €42 million fine for French providers after a data breach, underscore the urgency of these findings. The complexity of telecom infrastructure, including legacy systems and third-party integrations, complicates security efforts. Key Points: • 19% of UK telecom web servers expose software details, lower than the European average of 47%. • 37% of SSL certificates used by European telecoms are invalid, expired, or misconfigured. • 1,452 critical assets identified with significant security weaknesses that could impact operations.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• Colt Technology Services (company)
• Orange (company)
• TalkTalk (company)
• France (country)
• Spain (country)
• Google Cloud (tool)