May 23, 2017

Malicious data interception attacks via SS7 – that we Precision Block

Earlier this month hackers emptied the bank accounts of O2-Telefonica customers. The buzz on that hasn’t yet died and there’s news of another SS7 attack doing the rounds.

This one is newsworthy because an attack of this nature had not been detected until now, though it had been theorised. The growing list of attacks points to a high likelihood that attackers operating on mobile networks are becoming increasingly sophisticated.

In this case, the attacker sent an InsertSubscriberData packet to an SGSN, instructing the SGSN to change a particular subscriber’s settings. The likely aim would’ve been to redirect the user’s data connection so the attacker could eavesdrop on data communications.

For mobile operators, selectively blocking any attack is a simple operation once they have an Active Signalling Firewall in place that can detect and block at any level: from the country or network level, through a specific global title, down to individual messages and message flows, rather than applying only a blanket block.
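A minimal sketch of the selective blocking described above, added here as an illustration and not taken from any vendor's firewall: rules match on a global-title prefix (country, network or a single GT) and optionally on the operation and target node, and the most specific matching rule wins. All global titles, prefixes, class names and the default-allow policy are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Message:
    calling_gt: str   # sender's global title, digits only
    operation: str    # MAP operation name
    target_node: str  # node type receiving the message


@dataclass(frozen=True)
class Rule:
    action: str                        # "block" or "allow"
    gt_prefix: str = ""                # country code, network prefix or full GT
    operation: Optional[str] = None    # None matches any operation
    target_node: Optional[str] = None  # None matches any node type

    def matches(self, msg: Message) -> bool:
        return (msg.calling_gt.startswith(self.gt_prefix)
                and self.operation in (None, msg.operation)
                and self.target_node in (None, msg.target_node))

    def specificity(self) -> Tuple[int, int]:
        # Longer GT prefix wins; ties go to the rule pinning more message fields.
        pinned = (self.operation is not None) + (self.target_node is not None)
        return (len(self.gt_prefix), pinned)


def decide(rules: Sequence[Rule], msg: Message, default: str = "allow") -> str:
    """Return the action of the most specific matching rule, else the default."""
    hits = [r for r in rules if r.matches(msg)]
    return max(hits, key=Rule.specificity).action if hits else default


# Constructed rule set: every prefix and GT below is made up for illustration.
RULES = [
    Rule("block", gt_prefix="999"),                          # whole country
    Rule("block", gt_prefix="88812",                         # one network, one
         operation="insertSubscriberData", target_node="SGSN"),  # message type
    Rule("allow", gt_prefix="8881200001"),                   # one trusted GT
]

if __name__ == "__main__":
    for gt, op, node in [("9995550000", "updateLocation", "VLR"),
                         ("8881299999", "insertSubscriberData", "SGSN"),
                         ("8881299999", "updateLocation", "VLR"),
                         ("8881200001", "insertSubscriberData", "SGSN")]:
        print(gt, op, node, "->", decide(RULES, Message(gt, op, node)))
```

The third sample shows the point of the paragraph: the same sender that is blocked for InsertSubscriberData towards an SGSN still gets its other traffic through, which a blanket block on the network prefix would not allow.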

Networks need to detect and prevent attacks across the full signalling infrastructure, to protect against all categories of SS7 and Diameter attacks specified by the GSMA.

Without a comprehensive security solution, networks are wide open, and they are becoming low-hanging fruit for attackers as other mobile networks seal themselves off from illegal activity.

Operators need the ability to act fast in response to new attacks, applying new rule updates as new attack threats develop, rather than having rules and threat types hard-baked into a module that takes time to update.

It’s catch-up time for mobile networks in their race against attackers. Here I’ve mentioned only the basics of mobile security, but even these are left unguarded by many operators and uncatered for in some signalling firewalls, thus handing attackers a key to the door even when the network is ‘protected’.

Beyond these basics, the likes of contextual analysis and reputation analysis are just two threat-detection techniques that are hardly spoken of. And as the more advanced networks explore machine learning and artificial intelligence to pick out threat elements more effectively, there’s a wake-up call for unprotected networks in the ever-growing list of attacks on networks and on subscribers that are hitting the news.
