Debilitating Distributed Denial of Service (DDoS) attacks will be increasingly targeted towards mobile networks in the region as Mobile Network Operators struggle with proper visibility into malicious activity on their networks
To further illustrate the problem – the responses from mobile operators within Arbor's 9th annual Worldwide Infrastructure Security Report are eye-opening:
• 20% – Suffered a customer-visible outage due to a security incident, while 25% don't know if they had such outages due to a lack of visibility.
• 63% – Do not know what proportion of subscriber devices on their networks are participating in botnets or other malicious activities.
• 25% – Saw DDoS attacks targeting their mobile users, RAN, back-haul or packet core, but 29 percent cannot detect such attacks due to a lack of visibility.
• 25% – Witnessed DDoS attacks impacting their mobile Internet (Gi) infrastructure, while 25% lack the visibility to detect such attacks.
So the 'why' in 'Why are DDoS attacks increasingly focused on mobile networks?' question is obvious.
• It's become an 'easy' target – how can you mitigate a threat that you cannot see?
• There are loads of DDoS attack tools and services readily available to attackers today.
• And, with more ways 'in' to the mobile network via social networking technology, attacks against mobile networks (via mobile devices) is very attractive.
Interestingly, this is precisely how it all started on the fixed Internet years ago – bad actors started to target the Internet as a means of constructing attacks that were destructive, caused outages, and seeped into every facet of the network before long. The same is happening on mobile networks as attackers target MNOs as a wealth of previously untapped opportunity. DDoS attacks targeting mobile networks tends to happen in one of two ways today:
Network infrastructure and services: DDoS attacks can have a direct impact on targeted infrastructure and services by increasing traffic volume/session loads that reduce capacity and impair performance. Internet-originated attacks have been around for a number of years. Botnets composed of thousands of compromised PCs linked to a command-and-control server can launch DDoS attacks that disrupt mobile packet core and "Gi/SGi LAN" data center infrastructure including signaling/data gateways, firewalls, DNS servers, content optimizers and NAT functions. The advent of IMS-based Voice over LTE and Rich Communication Services further expands the range of potential DDoS attack vectors (e.g., video spamming).
End-user devices: SMS toll fraud, SMS phishing and malware trojans are just a few examples of how inventive miscreants are subverting smartphones, tablets, dongle-enabled laptops and mobile apps by inserting malicious code into legitimate apps to lure victims to bogus websites and services where they can then be exploited for financial gain. Along with the growth of app stores (especially for Android-based devices) – many of which have no security oversight or 'curated' control – comes increased risk of compromised devices and unwitting users participating in botnets and launching DDoS attacks from the wireless side of the mobile network. This type of threat has the added potential to exhaust precious resources in the highest cost-per-bit part of the network: the radio access network (RAN).
Non-malicious threats are also a problem for mobile operators – i.e. threats on their mobile network from their own subscribers or devices. With the growth in app stores and mobile applications – many of which do not have any sort of security oversight or control – there's nothing stopping compromised devices connected to the mobile network from becoming botnets and launching DDoS attacks from the wireless side of the mobile network. For example Low Orbit Ion Cannot – a popular DDoS attack tool, used by the hacker group Anonymous, can now be downloaded on your mobile device in a form of an Android app to trick users into launching the application on their devices. These types of threats consume precious radio spectrum and capacity on shared radio access network infrastructure and can impact overall network performance, leading to disruptions in service or even network failure. This non-malicious threat, coupled with the more traditional mobile malware threat carries grave consequences for mobile network operators today.
Mobile is the growth driver and profit center for service providers of today, and tomorrow. At the same time, their infrastructure lags behind their wireline peers with regards to network visibility and security controls. The focus has been on capacity expansion and customer acquisition. With multi-year customer contracts under pressure, consumers are in the driver's seat. They expect high quality, always-on service and application performance. If they aren't happy, they are increasingly free to switch carriers. This places pressure on MNOs to make sure they have the visibility required to manage and optimize service performance.
It's clear that MNOs in the
About Arbor Networks:
Most Popular Stories
- Criminal Investigation Opened Into James Foley's Death
- Swiss Suicide Tourism Doubled Since 2009
- Florida's Largest Insurer Says 'Bailout' Attacks Unfair
- Wealth Gap Widened in Past Decade: Census
- James Foley Beheading Sparks Anger, Little Action
- International Revulsion Grows Over James Foley Death
- Gap Reports Higher Profits, India Plans
- Sears Holdings Loses $573 Million
- Beyonce, Jay-Z Cuba Trip Was Legal After All
- Chinese Stock Funds Are a Late-summer Bloomer