As mobile network operators look to build out and scale up their next generation mobile networks, a veritable army of cyber terrorists, hackers and other actors are waiting in the wings to sabotage their best efforts. As connectivity becomes an ever more important and deeply ingrained facet of our daily lives, the consequences of a breach in network security continue to rise.
In the wake of the global Covid 19 pandemic, operators are coming under immense strain to provide the essential connectivity that underpins our digital lives. As the current Coronavirus pandemic forces hundreds of millions of people across the world to work and study from home, network operators are having to throw all available resources at adding the requisite capacity to cope with the unprecedented levels of traffic.
But as operators deploy all hands to the pump in order to guarantee network availability, a swathe of cyber criminals are waiting in the ranks to bring their operations crashing to a halt.
A recent report by Kaspersky suggested that there had been as many as 726 million confirmed cyber attacks since the start of the year, putting 2020 on course to rack up somewhere in the region of 1.5 billion cyber attacks for the year.
With connectivity now more essential to our daily lives than ever before, the potential ‘rewards’ for cyber criminals have grown exponentially. As next generation connectivity pervades every aspect of our daily lives – from the way we shop to the way we bank and manage our financial lives – the ramifications of a network outage, or of data theft, magnify exponentially. Gone are the days when the biggest network security issue might have been loss of service or an eavesdropped private conversation. In our interconnected, digital world, the consequences of a security breach are far more significant.
Kaspersky’s research suggests that 46 per cent of people currently working from home as a result of the Covid 19 pandemic are doing so for the first time. Moreover, many of these first time work-from-homers lack the basic digital skills to adequately secure themselves against acts of cyber espionage. In short, the Covid 19 pandemic has stretched the network security chain to its limits, with literally millions of potential weak links for seasoned cyber criminals to exploit.
Telcos find themselves in an era where they cannot afford to overlook a single link in the security chain, be that their employees, their interconnection partners or the billions of devices that will access their networks.
The rise of the 5G era means that there will be literally billions more connected devices trying to access communication networks than ever before, with each device being a potential security threat. As society becomes ever more interconnected, network security will become absolutely paramount, not only for telcos, but for the nations and enterprises that they serve.
But it’s not only 5G networks that present a security challenge. As operators launch next generation networks, they must also continue to invest in cutting edge security solutions for their legacy 2G, 3G and 4G networks, through which the bulk of network traffic still passes.
Mobile Network Threats in 2020
In 2020, at the dawn of the 5G era, network operators are faced with a more diverse portfolio of cyber criminals than ever before. A would-be cyber assailant could be a professional or merely an enthusiastic amateur. They could be located anywhere in the world and, more likely than not, will also be obfuscating their location. This poses myriad challenges for operators as they look to secure their assets: it can make it extremely difficult for operators to see an attack happening in real time, and it can also make it difficult to enforce punitive measures against would-be attackers.
Broadly speaking, operators are faced with attacks from three different types of assailant.
Black Hat hackers, who are intent on doing malicious damage to a network, stealing data, bringing down services or wresting control of network functions away from the operator.
White Hat hackers, who are looking to identify weaknesses in a network and then bring them to the attention of the operator, as a way of helping to improve the security of the network.
Finally, you have the Grey Hat hackers, who are intent on penetrating the innermost sanctum of the network core, but have no nefarious agenda beyond the mere satisfaction of having beaten an operator’s security protocol.
These three types of actors present a plethora of distinct challenges to network security.
As fast as operators evolve their security offerings, prospective cyber criminals are being equally innovative in their approaches to hacking. The result is a cat and mouse game where each party is trying to stay one step ahead of their counterpart.
In addition to the diverse identities of the would-be hackers, the global Covid 19 pandemic is also throwing some serious security curve balls for operators to deal with.
With people becoming increasingly dependent upon connectivity to work and study from home, they are inevitably consuming more data. As a result, the industry has seen a spike in usage of free public Wi-Fi hotspots, as people look to cut down on their data costs. These public Wi-Fi hotspots are often less secure than a private connection, and present hackers with an ‘easy way in’.
Particularly in the Middle East, the Covid 19 pandemic has also seen a spike in network spoofing and phishing attacks, as cyber attackers look to exploit the unfamiliar current climate for their own nefarious purposes. Cyber criminals are also trying to exploit weaknesses in the VPN platforms that many enterprises use to allow their staff to work from home.
With over 240 customers from around the world, network security specialist, NetNumber, is ideally placed to comment on the developing global trends.
“There is no single region in the world that is unaffected by this. But the important thing to note is that there are regional differences. These regional differences can cause things to be a little different, whether you’re seeing a denial of service attack or any other type of attack, there will be regional differences. That could be because a geography has a number of high value targets, it could be because there is a particularly large skill set in a region and the cyber criminals are looking to steal information,” NetNumber’s CRO, Matt Rosenberg, said.
“Additionally, the whole concept of Wi-Fi versus network security is very interesting because then you have off-net versus on-net security problems. Whilst they mimic similar attributes, they are different in the way that you would choose to secure those gaps,” he added.
Robocalling and Wangiri attacks have been a real headache for operators in Europe and the US. However, operators in the Middle East have encountered fewer of these types of incursions. With mobile networks in the Middle East being generally newer and more technologically advanced than those in Europe and the US, they are more resilient to these types of attack.
However, operators in the Middle East have seen more of an increase in SS7 style attacks and also Denial of Service attacks. Oftentimes, these attacks are financially motivated, with the perpetrator trying to steal funds directly with an SS7 attack or to try to blackmail an operator or enterprise into paying a ransom to reinstate services after a DoS attack.
To give an example of the scale and persistence of these types of attacks, Etisalat Group recently revealed that it had foiled over 1,500 DoS attacks in one month in just one of its Middle Eastern markets. Amazingly, all the attacks were successfully repelled, but this statistic serves to emphasise the size of the task at hand for operators across the globe.
Securing the standards
Industry bodies such as the GSMA and the 3GPP are instrumental in creating the standards that help to keep networks as secure as possible. As the era of 5G dawns, security will increasingly focus on software and virtualised network functions rather than just physical hardware.
“The GSMA and the 3GPP have done a wonderful job of exposing, replicating, and assisting. At NetNumber we take part in multiple working groups. With the GSMA, NetNumber takes part in the Fraud and Security Group and we chair a couple of bodies for the SS7 and Diameter Firewalls. That has helped us to provide insight back into the community,” Rosenberg said.
Operators must also avoid being lulled into a false sense of security by the presence of security standards and must continue to focus on how they operationalize those standards, embedding them in the practicalities of their network functions.
“We see a lot of well intentioned security guidance and protocols but what it comes down to is that you have to take care of what you do in your own home. You need to make sure that you really enforce those operational security mechanisms and methodologies.
“As a practical example, we have been involved in carrying out unannounced security testing within an operational organisation to see how that affects the signaling network. We do that on behalf of the carrier. That’s designed to do two things – one, it tests the operational security of the actual network; two, it tests the processes and procedures around it, where operational teams have to go in and implement those procedures,” Rosenberg added.
Collaboration between operators, governments and key stakeholders
Achieving cutting edge security for next generation networks inevitably involves extremely close collaboration between telcos, governments, enterprise customers and other key stakeholders. As the old adage has it, a network is only as secure as its weakest link, so it is crucial that all stakeholders are sufficiently invested in the security process.
Here in the Middle East, operators work extremely closely with government departments through a series of focused working groups. Two way dialogue, particularly between governments and the telcos, is essential to ensure that legislation can react to, or better yet proactively mitigate, the latest evolutions in the security threat.
Given that security standards and requirements differ from region to region, the onus is on vendors to ensure that their products are agile enough to be configured in different ways to suit different markets.
As truly interconnected societies emerge at the beginning of the 5G era, governments will become even more important stakeholders in network security, as connectivity will underpin every facet of their critical infrastructure. Equipment vendors, telcos and government security agencies will need to continue to work in a symbiotic manner, in order to protect the connected infrastructure of our interconnected world.