Game On: Latest in Gaming News, Reviews & Industry Buzz
- Pivot to short-term defenses: deploy cloud-based security and 24/7 monitoring to detect and contain threats during the World Cup 2026.
- Secure legacy signaling like SS7 and optional DRA features; tighten tripwires and lock down the signaling layer to prevent interception.
- Boost cross-border coordination and real-time intelligence sharing among roaming and interconnect partners to block bad actors and restrict high-risk routes.
The Olympic flames have long been extinguished in Italy, but for mobile network operators, the digital smoke hasn’t cleared.
The Russian-linked cybersecurity attacks that hit the Winter Games served as a high-stakes warning shot for the next major target on the global calendar.
Article continues below
Head of Security & Fraud Prevention Solutions at Proximus Global.
With the tournament now just a couple of months away, organizers and operators across the globe will be feeling increased pressure.
They must protect the mobile and connectivity networks that support roaming fans, live global broadcasts, and sensitive customer, commercial, and operational data.
As the countdown to the opening match on June 11 begins, it is unfortunately too late for major network upgrades. The focus should now shift from long-term transformation to temporary resilience.
Perfect storm for fraud
In February, Italy’s Foreign Minister Antonio Tajani announced that the country had foiled “Russian origin” cyber-attacks targeting the Winter Olympics. It underlined how major sporting events have become geopolitical digital targets.
Global sporting events exacerbate existing vulnerabilities rather than introducing new attack types. The upcoming World Cup will feature an expanded field of 48 national teams. To put that into context for the non-football fans amongst you, that’s exactly double the number of countries as was at the last World Cup to be hosted in North America, in 1994.
With millions of travelling fans from a wide variety of countries converging on stadium locations, the risk will come from huge spikes in roaming traffic. This surge makes malicious activity harder to detect, as attacks hide in normal-looking traffic. The sheer volume of legitimate signaling requests provides cover for fraud, signaling abuse, and interception attempts to blend in, often bypassing standard monitoring tools.
Unlike in football, where a mix of experience and youth is essential for a winning team, the old guards of mobile signaling will likely be the ones scoring the own goals. They were simply not designed with modern security threats in mind.
And these protocols have their vulnerabilities. Dispute being built in the 1970s on a foundation of total trust between MNOs, Signaling System No. 7 (SS7) still handles the heavy lifting for voice calls, SMS, and roaming between different generations of networks. It allows a phone from a country still using 2G/3G to talk to a US 4G/5G network, and without it, millions of international visitors would have no service.
However, it lacks native encryption or authentication, making it the primary gateway for attackers to track user locations, intercept text messages for SMS phishing, and commit billing fraud.
In 2010, the Diameter Routing Agent (DRA) was launched to be more secure than SS7, with security features like TLS encryption. However, these are often made optional to ensure different networks can talk to each other, creating a trust-based environment similar to SS7.
Attackers intent on causing carnage at the World Cup could exploit this by sending fake signaling messages through roaming hubs. This essentially tricks a network into revealing a fan’s location or intercepting their traffic – giving way to potential fraud, or at best, disruption – without being easily spotted.
Vulnerability gap for smaller operators
These older technologies were not designed with modern security threats in mind, and attackers could exploit them due to the volume and complexity of signaling traffic at the World Cup.
For mobile and connectivity networks, the stakes couldn’t be higher. If suddenly visiting fans lose access to the internet and get stranded in foreign countries, broadcasters can’t show minutes of an important game, or millions of fans’ data gets stolen, the event organizers have a lot more to lose than reputation, endangering their partnerships and trust.
While the host countries’ networks will face the congestion risk, home networks will be the ones carrying most of the security exposure. They bear the responsibility for roaming authentication and the financial and reputational cost of fraud.
While all carriers face risks, smaller Tier 2 and Tier 3 operators are at a significant disadvantage. With limited security budgets and missing or poorly configured signaling firewalls, they often lack the robust security infrastructure of global giants. This makes them primary targets for attackers exploiting signaling vulnerabilities.
Pivoting to short-term, high-impact defense
It is too late for operators to execute significant network upgrades to secure their traffic. Deploying local signaling firewalls takes up to a year, requires significant amounts of new infrastructure, hardware deployment, as well as lengthy testing and configuration cycles.
Network scaling at this stage will also add unnecessary operational complexity and costly risk outages during peak demand periods.
However, all hope is not lost. Instead, organizers and operators should pivot to short-term, event-specific defenses. These temporary resilience measures can be very effective and materially reduce risk.
The aim should not be for total prevention, but rather faster threat detection and incident containment throughout the event, and service continuity during peak moments.
Operators can do this by employing cloud-based security, providing an instantly operational digital hacking shield. This bypasses the long and costly procurement cycles you often get with traditional hardware
By then incorporating 24/7 monitoring, security teams will be able to track network activity in real time. This helps spot and stop threats, such as data drainage and location tracking, often before serious financial damage is caused.
Operators can also stay one step ahead of scammers by setting up automated alerts. These act as digital tripwires by immediately noticing bursts of fake text messages or expensive international calls. This will allow operators to catch high-speed fraud at source and kill the scam immediately, thereby preventing future financial repercussions.
Lastly, and perhaps most importantly, roaming and interconnect partners should increase coordination to ensure that security intelligence is shared across borders. If one operator spots a breach and shares the intel, everyone else can block those same bad actors before they even have a chance to switch targets.
This will create a unified front against global revenue-driven fraud syndicates, who are looking to hack operator systems and generate calls to premium destinations before sharing the profits with shady termination partners.
By zeroing in on high-risk routes and sharing intel in real-time, operators can cut through the background noise and build a unified front. Now is the time to focus on what can be done today: tightening the tripwires and locking down the signaling layer so that the 2026 World Cup is remembered for the football, not a massive security failure.
We’ve ranked the best Antivirus Software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
Read the full article on the original site
