In this article, Caitríona Grant at Enea AdaptiveMobile Security, looks at the top six mobile network threats – What can MNOs do to prevent them:
Threats facing mobile operator networks:
- Voice fraud
- SMS misuse and attacks
- Signaling security risks (SS7)
- 5G legacy and its vulnerabilities
- Network slicing security flaws
- 5G IoT security vulnerabilities
Mobile internet use has reached 55% of the world’s population, according to the Global System for Mobile Communications Association (GSMA), and by the end of 2021, 4.3 billion people were using mobile internet.
Across the world, mobile internet users are increasingly dependent on their mobile phones for a range of business and personal activities. Unfortunately, mobile network threats come with this territory.
Mobile usage has attracted unwanted attention from criminals who try to disrupt communication services or change, destroy, or steal data.
These cybercriminals usually exploit device or network vulnerabilities to penetrate networks. Subscribers and regulatory bodies demand high-quality service (QoS) from their mobile providers, including a stable and secure network connectivity service.
In this fast-paced environment, it’s increasingly challenging for mobile network operators to provide the best protection to subscribers.
This article outlines some of the most common mobile network threats and what chief security officers and their teams can do to prevent them.
1. Voice Threats
With the total number of voice-over-5G users predicted to grow to 2.5 billion by 2026, it is anticipated that voice fraud will also rise. Such fraud attacks could include vishing (voice phishing), number spoofing, Wangiri fraud, and SIM Box fraud.
The existence of the iSpoof website is a good indicator as to how voice fraud has been developing. Before its takedown in November 2022, the malicious website sold bad actors the tools to commit voice fraud.
The ‘products’ sold on the iSpoof platform included pre-built vishing scripts – phishing attacks-as-a-service, and the ability to manipulate Calling Line Identity (CLI), enabling attackers to spoof numbers. The availability of these ready-made tools at the convenience of attackers is a testament to how widespread voice fraud has become.
Operators also face threats to their revenues with flash calls being utilized for authentication services. As flash calls incur no call charge, and in many cases can replace methods like A2P SMS authentication, operators’ revenues may suffer.
In light of these developments in voice fraud, operators should invest in a voice firewall to address the growing challenge of protecting subscribers. Proactively taking steps to tackle voice fraud attacks will be critical for operators going forward, to maintain brand reputation and protect revenues.
2. SMS Misuse and Attacks
There is a huge range of SMS attacks and other forms of misuse on networks. Many misuses will continue to exist, because the protocols and interfaces that enable SMS in 5G remain the same. The following are some of the 5G SMS misuses mobile networks must deal with:
- Unsolicited SMS messaging
- SMS phishing (or smishing)
- Premium SMS fraud
- Mobile Malware Propogation via SMS
- Surveillance and information retrieval via SMS
- Denial of Service
- SMS interception
- Grey routes
- New 5G attack vectors
As explained in the Messaging for the Future: Securing SMS in 5G white paper, as SMS messages traverse different protocols and generations, a holistic security approach needs to start by mapping out potential entry points and security zones for individual networks.
Then, the vulnerabilities of these entry points should be validated to see if and how those entry points can be exploited. This will enable operators to evaluate ways of detecting attackers, filtering out malicious messages and stopping signaling attacks.
3. Signaling Security Risks
Signaling networks using protocols such as SS7, Diameter, and GTP-C are under threat from adversaries and fraudsters, who exploit loopholes in the protocols across the global interconnect.
This enables attackers to breach subscriber privacy, deny access to key services, and defraud mobile operators. Since the war in Ukraine began, Enea has uncovered evidence of state-sponsored attacks on mobile networks.
Mobile operators urgently need to implement an effective signaling firewall and employ threat intelligence to ensure ongoing trust in their networks. If steps aren’t taken to secure signaling infrastructure, attacker’s will find vulnerabilities to exploit, and operators risk their brand reputation, customers, partners, and revenues.
MNOs must select the right signalling firewall vendor to secure their networks. Operators should look for a combination of a carrier-grade signaling firewall, advanced reporting, and global threat intelligence.
The solution must go well beyond just blocking current attacks on the network. It should have capabilities to react to emerging threats, which seek to bypass standard SS7, Diameter, and GTP-C firewalls.
4. 5G Network Legacy and New Vulnerabilities
The GSMA reported that 5G networks have been deployed in more than 70 countries by nearly 200 operators, covering almost one-third of the world’s population. It is predicted that by 2025, there will be 2 billion 5G connections globally. 5G network security is more complex than previous mobile technologies, as networks have become more virtualized, disaggregated, and cloudified, making them more vulnerable to intrusions.
5G architecture comes with significant vulnerabilities, which, if left unaddressed, could be exploited by cybercriminals.
The fundamental vulnerability enables three main attack scenarios: user data extraction (e.g., location tracking), denial of service against another network function, and access to a network function and related services of another vertical partner from network slicing.
When it comes to securing 5G networks, trust shouldn’t lead your security strategy. Operators have to be able to constantly and proactively monitor activity, discover and block threats, and most of all they need to react fast to any intrusion.
5. Network Slicing Security Flaws
Network slicing involves the virtual partitioning of the RAN and core to create ‘slices’ of the network that can be tailored to specific use cases. Our research shows that 5G network slicing contains some major security flaws that could enable attacks such as Denial of Service (DoS), location tracking, as well as fraud / data leakage.
Notably, DoS attacks could be more damaging in a 5G environment, as we see more 5G use cases with enterprise partners. Many mobile network operators now count governments among their customers, and attacks could reach parts of critical national infrastructure, such as energy, health, transportation, public services, and manufacturing.
To prevent potential DoS attacks within 5G network slicing, we recommend using an enhanced filtering and validation approach that combines information from different layers and protocols and integrates external threat information.
This filtering and validation approach divides the network into security zones and safeguards the 5G core network. Cross-correlation of attack information between those security network functions maximizes 5G network protection against sophisticated attackers and allows better mitigations and faster detection while minimizing false alarms.
Standardization is important, but waiting for standardization to improve security might not always be a timely solution, as we can see from the timeline of the 3GPP Release 17 Code freeze in 2022.
6. IoT Security in 5G
Because of the Internet of Things (IoT), there will be a greater number of devices connecting to the 5G networks and high-value critical devices like cars. This means that security methods designed for mobile phone devices are no longer a suitable approach.
To deal with the IoT security risks and other risks that may arise for 5G networks; we make three recommendations:
- The first recommendation is that mobile operators correlate and pool all the security information they have from the old mobile networks and the new 5G mobile network. This will give mobile operators a complete picture and improve security on all levels.
- The second recommendation is that mobile operators focus on intelligence and analyze what is happening on their new networks to understand the nature of attacks, build defenses to stop them, and give users confidence that future attacks will be blocked
- The final recommendation is that mobile operators adopt a security mindset with the 5G network as this network will not only be a piece of national critical infrastructure but also connect other critical infrastructure like transport, water, and electricity.
To protect this infrastructure, it will not be sufficient for mobile operators to implement specifications. They will need to maintain, monitor, and update these systems to block network attacks. This may require a change in the network mindset for many operators.
Conclusion
This is not an exhaustive list of all the risks that MNOs face. Other threats include vulnerabilities associated with open-source software development, supply chain vulnerabilities, third-party cloud services, or simply exposure to human error.
As 5G networks are fully deployed in every aspect of our economies, we believe risks will increase at different layers, from vertical industry to the massive use of IoT and core network-related 5G security issues. Mobile networks are now part of the strategic infrastructure with ramifications for every economic sector. This is why regulators increasingly require mobile networks to be more proactive against threats.
MNOs should be able to anticipate threats to their networks, so they can provide a safe and secure connectivity environment for their consumers, enterprise, and government customers. Competing on price and speed is a race to the bottom and a losing strategy, given that MNOs must continue investing in infrastructure, new technologies, and better customer service.
Thus, security is becoming a cornerstone of MNOs’ strategy and differentiation from other MNOs.
By implementing the right defenses and keeping up to date with the global threat landscape through a threat intelligence system, chief security officers, directors of engineering, and their teams can ensure the network is always safe and reduce the potential for economic losses and reputation damage.
The result will be a boost in net promoter scores and a formidable marketing tool for the MNOs. Speak to one of Enea AdaptiveMobile Security’s specialists to learn how we can help you enhance your network security.
About the writer
Caitríona Grant is a recent graduate of the National University of Ireland, Galway, where she completed a bachelor’s degree in global commerce. As part of her degree, Caitriona studied abroad in Canada and worked as a marketing intern back in Ireland. Over the course of her studies, she developed a passion for both marketing and cybersecurity, specialising in marketing in her final year. Caitriona is now working as a marketing assistant at AdaptiveMobile Security, a role that marries both of her passions.
[NB: This post was first published on Enea‘s platform]
Comments 1