Fuelled by their subscribers’ insatiable demand for smarter mobile devices and multimedia content, mobile network operators (MNOs) have seen tremendous growth in mobile traffic on their networks.
Along with this growth, MNOs face the ever-increasing challenge of maintaining the availability and performance of their mobile network and services to enhance their customers’ quality of experience.
It is thus essential that MNOs have solutions in place to proactively recognise traffic patterns that threaten the availability and performance of their mobile network infrastructure and services.
With the advent of wireless access to the Internet from mobile devices, attackers naturally see this as a huge open-door opportunity to initiate attacks. Generally, this wrongful activity has two main impact points:
In mobile networks, DDoS attacks can be sourced from the Internet or from mobile service users:
Not all threats to mobile networks, their service performance and availability, are malicious in nature. Mobile applications are the reason why the amount of mobile data traffic continues to increase. MNOs have little to no control over which mobile apps their subscribers install and use. To make matters worse, many mobile apps do not take into account that they communicate over networks that operate differently from traditional fixed-line IP networks – especially during recovery scenarios.
This can cause major problems when popular mobile apps, used by millions of subscribers, undergo maintenance or encounter issues. For example, when a critical component of a social media application (i.e., a core communication server) becomes inaccessible, it can cause subscriber devices or servers to initiate a retry/recover routine that can trigger huge spikes in mobile data and control-plane traffic. Such a traffic storm, though not malicious in nature, looks and acts like a DDoS attack on a mobile network because it affects all mobile subscribers, not just the users of this particular application.
Arbor Networks' 8th annual Worldwide Infrastructure Security Report (WISR), which is based on survey data from 130 network operators and service providers around the world, includes evidence of both malicious and non-malicious threats to mobile network operators who participated in the survey. The majority of operators who suffered non-malicious incidents relating to poorly-behaving applications took a reactionary stance toward detection and mitigation, with over 30 percent indicating that they had to perform a reactive analysis of the problem.
This is an unfortunate statistic, but is a direct result of the consumer broadband-based business model that mobile providers work within. Each subscriber contributes a relatively small amount of revenue to the provider, and every time the subscriber calls into the provider help desk, that revenue is offset for some time by cost. There is little incentive to put measures in place that could result in that subscriber calling in less often. Hence, the more reactive approach. This model is likely to change if/when attacks impact the mobile network itself.
There’s more than anecdotal evidence that these threats are occurring and are having an impact on mobile networks and the services they provide. This year’s WISR data highlights the growing threat to mobile networks very clearly:
34 percent suffered a customer-visible outage due to a security incident, a 64 percent increase over the prior year.
57 percent do not know what proportion of subscriber devices on their networks are participating in botnets or other malicious activity.
60 percent have no visibility into traffic on their packet cores, resulting in unseen threats that cannot be prevented or contained.
45 percent do not know if DDoS attacks are targeting their Internet Gi infrastructure.
28 percent observed DDoS attacks targeting their wireless network, while 25 percent don’t know if such attacks occurred due to a lack of visibility.
16 percent reported outbound attack traffic from subscribers, but 25 percent can’t tell if subscribers are originating DDoS traffic due to a lack of visibility.
A large factor facing MNOs today is a lack of visibility and an overall lack of proactivity, as the WISR data above illustrates. Sixty percent of mobile operators lack visibility into the traffic on their mobile/evolved packet cores.
The risk to these operators is clear: unseen threats cannot be prevented or contained. Of those who have visibility into traffic on their mobile packet core, the majority use counters and statistics available directly from the mobile infrastructure itself, while one-third use vendor-supplied probe-based monitoring solutions. The remainder use third-party probes or a flow-monitoring device to visualise traffic.
Many mobile devices are now as powerful as some laptop computers, with dual-core CPUs, gigabytes of memory and high-speed wireless interfaces. The malware problem in the mobile space is quite real, and large-scale malware activity – with thousands of active participants – could have a devastating impact on the resources of a wireless infrastructure.
Given the speed of evolution in mobile technologies and the increased dependence on mobile networks, mobile operators are having to upgrade their infrastructure to maintain competitiveness. At the same time, they should implement threat detection and monitoring solutions to protect themselves and their customers.
Tom Bienkowski is director of product marketing at Arbor Networks