Mahmoud Samy, Regional Director, Middle East, Russia and CIS at Arbor Networks shares his expert opinion.
Mobile networks in the Middle East have evolved by leaps and bounds in the past handful of years, particularly as mobile users continue to gobble up as much mobile network capacity as possible. Mobile data usage is absolutely ubiquitous today with the advent of always-on connectivity, the pull to constantly ‘check in’ on various social networks and applications, and the expectation of being able to access the mobile network at any time, at lightning-fast speeds and with zero downtime. This trend is expected to continue as successive generations of more capable mobile networks and devices and compelling applications emerge. And crucially, data services are the only way Mobile Network Operators (MNOs) will offset long-term declines in their voice/SMS service revenues. But this shift to data-centric service delivery also imposes added operational challenges in maintaining that ‘always on, fast – and secure’ mobile broadband performance and availability that subscribers have come to expect.
The ‘secure’ piece of that equation is a major concern for mobile operators in the region today, with more attacks targeting MNOs than ever before. While mobile malware has been around for a decade and is certainly a concern, it’s far less of a concern in comparison to the debilitating effect a large DDoS attack would have on these networks. Add to that the fact that MNOs tend to struggle with proper visibility into malicious activity on their networks and the problem grows quickly.
To further illustrate the problem – the responses from mobile operators within Arbor’s 9th annual Worldwide Infrastructure Security Report are eye-opening:
- 20% – Suffered a customer-visible outage due to a security incident, while 25% don’t know if they had such outages due to a lack of visibility.
- 63% – Do not know what proportion of subscriber devices on their networks are participating in botnets or other malicious activities.
- 25% – Saw DDoS attacks targeting their mobile users, RAN, back-haul or packet core, but 29% cannot detect such attacks due to a lack of visibility.
- 25% – Witnessed DDoS attacks impacting their mobile Internet (Gi) infrastructure, while 25% lack the visibility to detect such attacks.
So the answer to the question ‘Why are DDoS attacks increasingly focused on mobile networks?’ is obvious.
- It’s become an ‘easy’ target – how can you mitigate a threat that you cannot see?
- There are loads of DDoS attack tools and services readily available to attackers today.
- And, with more ways ‘in’ to the mobile network via social networking technology, attacks against mobile networks (via mobile devices) are very attractive.
Interestingly, this is precisely how it all started on the fixed Internet years ago – bad actors started to target the Internet as a means of constructing attacks that were destructive, caused outages, and seeped into every facet of the network before long. The same is happening on mobile networks as attackers target MNOs as a wealth of previously untapped opportunity. DDoS attacks targeting mobile networks tend to happen in one of two ways today:
Network infrastructure and services: DDoS attacks can have a direct impact on targeted infrastructure and services by increasing traffic volume/session loads that reduce capacity and impair performance. Internet-originated attacks have been around for a number of years. Botnets composed of thousands of compromised PCs linked to a command-and-control server can launch DDoS attacks that disrupt mobile packet core and “Gi/SGi LAN” data center infrastructure including signaling/data gateways, firewalls, DNS servers, content optimizers and NAT functions. The advent of IMS-based Voice over LTE and Rich Communication Services further expands the range of potential DDoS attack vectors (e.g., video spamming).
End-user devices: SMS toll fraud, SMS phishing and malware trojans are just a few examples of how inventive miscreants are subverting smartphones, tablets, dongle-enabled laptops and mobile apps by inserting malicious code into legitimate apps to lure victims to bogus websites and services where they can then be exploited for financial gain. Along with the growth of app stores (especially for Android-based devices) – many of which have no security oversight or ‘curated’ control – comes increased risk of compromised devices and unwitting users participating in botnets and launching DDoS attacks from the wireless side of the mobile network. This type of threat has the added potential to exhaust precious resources in the highest cost-per-bit part of the network: the radio access network (RAN).
Non-malicious threats are also a problem for mobile operators – i.e. threats on their mobile network from their own subscribers or devices. With the growth in app stores and mobile applications – many of which do not have any sort of security oversight or control – there’s nothing stopping compromised devices connected to the mobile network from becoming botnets and launching DDoS attacks from the wireless side of the mobile network. For example, Low Orbit Ion Cannon – a popular DDoS attack tool used by the hacker group Anonymous – can now be downloaded on your mobile device in the form of an Android app to trick users into launching the application on their devices. These types of threats consume precious radio spectrum and capacity on shared radio access network infrastructure and can impact overall network performance, leading to disruptions in service or even network failure. This non-malicious threat, coupled with the more traditional mobile malware threat, carries grave consequences for mobile network operators today.
Mobile is the growth driver and profit center for service providers of today, and tomorrow. At the same time, their infrastructure lags behind their wireline peers with regard to network visibility and security controls. The focus has been on capacity expansion and customer acquisition. With multi-year customer contracts under pressure, consumers are in the driver’s seat. They expect high quality, always-on service and application performance. If they aren’t happy, they are increasingly free to switch carriers. This places pressure on MNOs to make sure they have the visibility required to manage and optimize service performance.
It’s clear that MNOs in the Middle East have the full attention of attackers today. And now, they are in a race to catch up with the threats facing their networks.