Security is not just a concern
for smartphone users – mobile operators can also be hit, and ignorance could
cost them dearly
The demand for smarter
mobile devices and multimedia content has seen a tremendous growth in the
number of smartphones and tablets across the world. While PC shipments are
dropping, personal mobile devices are destined for a bright future. There are
reports that already claim up to 40% of internet time is spent
on mobile devices, and there's no doubt they will become
increasingly important in the personal as well as professional lives of
millions of people.
In
fact, many corporations are already allowing their employees to access and
carry corporate data on their personal devices. However, this is often without
establishing clear security guidelines. This, coupled with the fact that many
smartphones are almost as powerful as PCs (with dual-core CPUs, gigabytes of
memory and high-speed wireless interfaces) has made them an attractive
proposition for hackers and cyber criminals.
Given
how many mobile devices are used on corporate networks and how little
organisations are so far doing in terms of protecting them, it's a question of
"when" rather than "if" a new mass mobile cyber battle
unfolds before our eyes.
The time could not be more appropriate. According to our Worldwide Infrastructure Security
Report, 57% of mobile network operators do not know what proportion
of subscriber devices on their networks are participating in malicious
activity. The risk to these operators is clear: unseen threats cannot be
prevented or contained.
Naturally,
attackers see mobile devices as a huge open-door opportunity to initiate
attacks and steal confidential corporate data. Generally, this wrongful
activity impacts two main areas: end-user devices (eg smartphones) and the
mobile network operator's infrastructure.
While SMS toll fraud (stealing money though texts), SMS phishing
and mobile malware are examples of how a miscreant can exploit mobile devices
for their own financial gain, the real battle will happen on the infrastructure
front. Distributed denial of Service attacks (DDoS, an attempt to make a machine or
network resource unavailable to its intended users) can lead to poor network
performance, impact services, damage brand reputation, lead to loss of clients,
and even help overthrow governments. All that can happen via mobile users
themselves, without their knowledge.
Mobile
network operators will have to face threats on their mobile network from their
own subscribers or devices. With the growth in app stores and mobile
applications – many of which do not have any sort of security oversight or control
– there's nothing to stop devices connected to the mobile network from becoming
compromised and launching DDoS attacks from the wireless side of the mobile
network.
Take Low
Orbit Ion Cannot, a popular DDoS attack tool used by the hacker
group Anonymous – it can now be downloaded on your mobile in the form of an
Android app. Other attack tools use fake Google Play Store icons to trick users
into launching the application on their devices. These types of threats can
also impact overall network performance, leading to disruptions in mobile
service or even mobile network failure.
DDoS
attacks on mobile networks are already becoming a reality for corporations and
network operators alike. In 2012, 28% of network operators suffered an inbound
DDoS attack and one-third suffered an outage that affected customers.
What this shows is that as mobile network operators race to
build out higher-capacity networks and services to meet their customer demands
– and while companies embrace BYOD (bring your own device) – it's imperative
they keep a keen eye on threats that may impact their network
availability and performance. Ignorance could cost them dear
No comments:
Post a Comment