UK telecoms web servers reveal security data in 19% of cases.

dominic

A cybersecurity firm, Ethiack, has highlighted that nearly one in five web servers maintained by UK telecoms providers inadvertently expose software type and version details through their HTTP response banners. This information can guide cybercriminals searching for vulnerabilities to exploit.

The research is part of Ethiack’s “State of Digital Exposure to Cybercrime in European Telecoms” report, which examined over 50,000 digital assets, encompassing customer portals, APIs, email servers, and administrative systems from nearly 600 telecoms providers across 30 European countries. UK telecoms operators, such as BT, Vodafone, and Three, contributed more than 8,300 assets to the analysis, the highest of any country in the study.

While the exposure rate of 19% is lower than the European average of 47%, the number of impacted assets is significant. Displaying server software details via HTTP response banners does not inherently create a vulnerability; however, it can provide skilled attackers with information to identify known exploits applicable to specific systems. According to a company official, state-sponsored and sophisticated cyber threats increasingly utilize AI-driven automation to scan large volumes of sites for such technical data.
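One way a defender could measure this kind of banner exposure across their own assets, shown as an added example that is not taken from Ethiack's report or tooling. The header list, the version pattern, the "product" versus "version" split and the sample responses are assumptions constructed for illustration.

```python
import re

# Response headers that commonly carry software banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
# Assumed version pattern: dotted digits such as 2.4.41 or 8.1
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Parse a raw HTTP response head into [(lowercased name, value)]."""
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def banner_findings(raw):
    """Return [(header, value, level)]; level is 'version' or 'product'."""
    findings = []
    for name, value in parse_headers(raw):
        if name not in BANNER_HEADERS or not value:
            continue
        level = "version" if VERSION_RE.search(value) else "product"
        findings.append((name, value, level))
    return findings

def exposure_rate(responses):
    """Share of responses that disclose a software version in a banner."""
    exposed = sum(1 for r in responses
                  if any(level == "version" for _, _, level in banner_findings(r)))
    return exposed / len(responses) if responses else 0.0

# Constructed sample responses (not data from the report).
SAMPLES = [
    "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Powered-By: PHP/8.1.2\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    "HTTP/1.1 200 OK\r\nServer: cloudflare\r\n\r\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(banner_findings(raw))
    print(f"version exposure rate: {exposure_rate(SAMPLES):.0%}")
```

Findings at the "version" level are the ones to suppress first, for example with `server_tokens off;` in nginx, `ServerTokens Prod` in Apache httpd, or `expose_php = Off` in PHP.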

SSL Certificate Failures and Exposed Assets

The report also identified additional shortcomings. Approximately 37% of the SSL certificates used across European telecoms websites were invalid, expired, or misconfigured. These certificates serve both to encrypt data in transit and to verify the authenticity of a provider’s website. When these certificates are missing or faulty, customer data submitted via login forms or order processes may be intercepted, and threat actors may be able to impersonate legitimate sites.

Ethiack’s analysis highlighted 1,452 critical assets, such as virtual private networks (VPNs) and administrative panels, with significant security vulnerabilities that could directly affect operations and customer data.

A Sector Under Persistent Threat

These findings come amidst a series of high-profile cyberattacks on European telecoms infrastructure. In January 2025, two major France-based telecoms providers were fined EUR 42 million following a breach that exposed the personal data of 24 million customers. The same year, Spain’s Orange faced a significant disruption after being targeted by a cyberattack. In the UK, London-based Colt Technology Services experienced operational disruptions for three months in 2025 due to a ransomware attack and was required to file over 75 reports to regulators, law enforcement agencies, cybersecurity bodies, and emergency services across 27 countries.

The sector’s complexity further complicates security challenges. Telecoms operators often manage a mix of legacy systems, cloud infrastructure, third-party integrations, and shadow IT environments, which can expand the attack surface and lead to undetected misconfigurations. The report cites Google Cloud data indicating that the time between a software patch release and active exploitation has decreased from days to hours, significantly increasing the challenge for security teams.

The research highlights enduring security lapses in the European telecoms sector, echoing previous incidents like TalkTalk’s 2015 breach. The firm’s report emphasizes continuous, automated attack surface monitoring and testing as a replacement for periodic security assessments to keep pace with evolving threat actor tactics.
