
2020 Mobile Telecommunications Network Security Outlook - GSM Association (GSMA) (English edition) (28 pages).pdf


Mobile Telecommunications Security Threat Landscape
January 2020
COPYRIGHT 2020 GSMA

Contents

Executive Summary 2
Introduction 3
Threat Landscape Structure 5
Cloud and Virtualisation 6
Internet of Things 8
Securing the 5G Era 10
Securing Device Applications 12
Security Skills Shortage 14
Signalling Threats 16
Software Threats 18
Supply Chain Resilience 20
2020 and Beyond 22
  5G standalone and scaled security 22
  Network visibility 23
  Increased blended attacks 23
  Supply chain service impact 23
Final Thoughts 24
GSMA Member Security Services 25
About the GSMA 26
About the GSMA Fraud and Security Team 26

Executive Summary

Welcome to the GSMA 2nd Annual Threat Landscape Report

As we enter the era of intelligent connectivity we are seeing ever more complex networks, both in the services they offer, in the use cases they will enable, and in the range of technology used to build them. Not only will such networks be critical to economic and societal health, they will also be attractive to attackers, and it is important that the industry is motivated to identify and mitigate the threats. The threat surface is increasing and, with the continued presence of 3G and 4G networks in the ecosystem, traditional threats and vulnerabilities will have to be continually mitigated and managed. Many threats can be anticipated and, with good hygiene, continued action and vigilance, mitigated. New mitigation opportunities are arising through automation, machine learning and artificial intelligence; however, these must be married to good procedural practices and appropriately skilled security staff, coupled with good strategic risk management practices. Threats must be managed across people, process and technology and across the full lifecycle from definition through deployment, operation and ultimately decommissioning. The supply chain continues to be a critical consideration in the threat landscape. This guide gives insights into the threat landscape of the mobile telecommunications ecosystem, details key dimensions of consideration, and offers guidance to mitigate and tackle such threats.

Introduction

The mobile telecommunications industry is under daily attack. The industry understands that no threat can be tackled in isolation, and that threat actors will continue to exploit vulnerabilities in deployed technologies to achieve their goal. In the face of this persistent threat it is crucial to develop a broad understanding of the evolving threats facing the industry. Our aim is to advise on the current threats and highlight potential future threats affecting the mobile telecommunications industry.

THE GSMA'S DESIRE IS TO ENHANCE AWARENESS AND ENCOURAGE APPROPRIATE RESPONSES TO SECURITY THREATS.

The GSMA believes security threats have been on the rise and will continue rising with the adoption of new technologies and services within an expanding ecosystem. Security must move with the threat and enable technology adoption if it is to outmanoeuvre those working against the industry.

One overarching, ongoing challenge the industry faces is the lifespan of the technology it supports. 2G and 3G networks still account for 50% of network traffic. The technologies these networks rely on have been in place since the 1990s and will remain for many years before closure. The protocols and systems in use in these generations were never designed for the world they are being used in today. Compensating controls, and retrospectively building security after initial deployment, are cumbersome, and as such the mobile industry has to implement several add-on security technologies and requirements. However, as the industry evolves, known threats become more defined and progress to defend against them is being made.

FIGURE 1: 2019 INDUSTRY THREATS (figure; panel titles only): Supply Chain Threats; Device Threats; Securing the 5G Era; Internet of Things Threats; Software Threats; Security Skills Shortage; Signaling Service Threats; Cloud Threats.

"Next generation mobile will deliver feature rich intelligent connectivity and we must ensure it remains secure and resilient." Jon France, Head of Industry Security, GSMA

Threat Landscape Structure

This second version of the GSMA Security Threat Landscape report aims to provide an understanding of mobile telecommunications threats at a high level. Each chapter in this report represents a single threat domain. All chapters that appeared in the 2019 report have been updated to reflect the current threats facing the industry. As the threat landscape has evolved, several threats seen in the past have been relegated to a lower status and replaced with new threats (figure 1). This does not mean that legacy threats have disappeared; they still need to be addressed. As a result this report builds on the 2019 Security Threat Landscape to present an updated view of the evolving threat landscape.1 For each threat the GSMA aims to outline the nature of the threat to the industry, offer insight and propose recommendations and actions the industry could implement. Each chapter is structured as follows:

- The GSMA's overarching view of the threat
- Further insights into the threat
- Recommendations proposed by the GSMA

Cloud and Virtualisation

Cloud services usage is on the rise year on year. This includes IT and telecommunications alike, albeit telecommunications services currently prefer private cloud.2 Any potential economies of scale offered through virtualisation and cloud services will only be realised if the security controls remain consistent when implemented.

Virtualisation, and as such cloud threats, are well understood (figure 2). Protecting against these threats requires a combination of traditional IT hygiene controls and recognition of the structural and supply chain changes affecting the network, especially in relation to visibility (data, asset etc.).

Cloud services rely on virtualisation, which can offer granular security controls and policies if designed and implemented correctly. Once designed, the template-driven aspects of virtualisation allow automated deployment of systems that are secure by default, an aspiration of current and future networks. A combination of poor implementation and a lack of the correct skills within the industry can result in these controls being misconfigured or configured inconsistently, meaning a missed opportunity to protect the network; conversely, the misconfiguration can also result in a number of threats (figure 2) being realised.3

FIGURE 2: CLOUD AND VIRTUALISATION THREATS (figure; categories and items only)
Traditional IT and hygiene threats: poor patching practices; virtualisation-aware malware; lack of network visibility; inappropriate access controls.
Data and resource leakage: insecure API/interfaces; misconfigured isolation controls.
Resilience: geographical; vendor.

Recommendations:

- Design and implement resilience through redundancy and the use of multiple availability zones.
- Subject virtualised systems to the same IT hygiene best practice as physical systems. This includes patch management, vulnerability management, hardening practices, authentication, access controls etc.
- Cover in-life threat modelling as part of the ongoing risk management process. Develop a threat model for each deployment model and consider hypervisor-based attacks, VM-based attacks, and VM image attacks.
- If outsourcing, ensure that the above expectations are passed on to the vendor via the request for information (RFI) / invitation to tender (ITT) process.
- Check that suppliers hold appropriate compliance to industry-standard certifications, to assure that they are following industry best practice and regulations.4
- Develop and retain appropriate skillsets amongst staff to manage cloud deployments, specifically cloud-based security skills.5

Cloud services and internal virtualisation mechanisms benefit from similar controls; these include:

- Local policy covering all cloud delivery and deployment models. Specific controls may relate to provisioning, service implementation, vendor choice, data management and destruction, and threat detection services.
- Use microsegments to isolate high security or legacy areas; use virtualisation-aware security tooling to enforce policy and monitor these segments.
- Isolate services, memory, tenants and processes effectively. Only house like-for-like security levels on the same hypervisor.
- Use modern hardware that supports appropriate security controls, and ensure that these are enabled and supported within the virtualisation layer.
- Purchase security controls that are virtualisation-aware and are able to protect microsegments and virtual services. Adopt the same approach for cloud services.
- Develop consistent management and orchestration (MANO) services that include security controls at the build phase (secure by design).

2 A private cloud is a particular model of cloud computing that involves a distinct and secure cloud based environment in which only the specified client can operate.
4 https://cloudsecurityalliance.org/star/
5 The Cybersecurity Insiders Cloud Security Report 2019 highlights that 26% of people cite that a lack of skills impacts their ability to secure cloud services; 41% say that a lack of training and skills stops them updating to cloud based specialised security tooling.

Internet of Things

The number of IoT devices being added to botnets increased in 2019, and a change in attack vectors to target enterprise IoT devices has been identified.6 The impact of enterprise IoT devices being attacked and becoming unavailable is not only a service quality threat but potentially a health and safety, and patient care, concern.

FIGURE 3: IoT BOTNET (figure; step captions only)
1. A botnet is owned by the attacker, who is referred to as the bot master.
2. The bot master controls the bot and deploys the initial malware infection into the IoT.
3. Insecure IoT devices are located and added to the botnet. Once added, each is used to locate other vulnerable IoT devices.
4. The victim's network receives traffic from the infected IoT devices at once, saturating the vulnerable IoT devices.

GSMA Intelligence estimates a total of 13 billion IoT connections in 2020, a year-on-year growth of 15%. 57% of these are classified as consumer IoT connections and 43% are classified as enterprise IoT.7 This trend is expected to continue, with an estimated 25 billion IoT connections by 2025.8 The Vodafone IoT Barometer highlights how all industries surveyed were adopting IoT initiatives, and with sensor-dense environments such as logistics and manufacturing alongside health management it is vital that the verticals are protected. The impact of these services becoming unavailable is not just service quality but also health and safety and patient care.9

The ways to protect enterprise IoT are understood; failure to deliver on these security requirements, however, will potentially result in organisations' IoT devices becoming part of a wider attack, using up resources and potentially removing their availability. Therefore, the GSMA recommends that IoT service providers:

- Know what IoT devices are on their estate.
- Secure their IoT devices; the GSMA maintains a flexible set of IoT Security Guidelines and an IoT Security Assessment. Advice includes:
  - Where possible, confirm all IoT devices are compliant with corporate policies, including authentication, encryption, patching and password requirements.
  - Where passwords cannot be changed, segregate the IoT devices within the network and put compensating controls in place.
  - Where legacy (i.e. vulnerable M2M) devices, infrastructure and operating systems are in place, segment these services away from other areas of the network.
  - Enable segment blocking in the event of an attack.
  - Identify what a device is and sense-check the data received/transferred, ensuring it is sending the anticipated/expected data to the right location: monitor IoT device traffic, e.g. for unexpected outbound wget or PowerShell requests attempting to pull malicious payloads on to your IoT devices.
  - Restrict access to IoT devices by placing them behind network defences.
  - Restrict outbound activity for IoT devices that do not require external access (e.g. using IP address whitelisting, barring of SMS/voice services etc.).
- Prepare an incident response plan for when the network is attacked by a botnet.

6 Shodan is a search engine for Internet-connected devices, and it reports growth of 15,000 insecure MQTT devices in 2019.

Signalling Threats

Recent research found that:41

- 53% of call tapping attempts on 3G networks succeed
- 67% of networks fail to prevent bypass of SS7 protection
- 9 out of 10 SMS messages can be intercepted

The insecurity of SMS has affected verticals that rely on SMS as part of their 2-factor authentication (2FA) processes, specifically finance.42 This trend highlights the ongoing and legacy nature of this threat, as the same threats have been reported within the industry since 2014. The industry understands the threats posed by the signalling protocols SS7, GTP and Diameter; however, their fixes are not straightforward to apply to complex and large scale networks.38, 39, 40 As such, these threats are unlikely to be removed from any threat landscape relating to the mobile telecommunications industry for several years to come.

As a result, the GSMA recommends that operators implement compensating controls, specifically:

- Provide guidance for consumers and enterprises on the risks of using SMS as a multi-factor authentication mechanism.
- Implement the signalling controls outlined in the GSMA Fraud and Security Group (FASG) guidelines on securing interconnect protocols.43
- Have a fraud management system (FMS) to identify, detect and prevent potential fraud transactions within the signalling messages.

38 Signalling System 7 (SS7) is an international telecommunications standard that defines how network elements in a public switched telephone network (PSTN) exchange information over a digital signalling network. Signalling Transport (SIGTRAN) is the standard telephony protocol used to transport Signalling System 7 (SS7) signals over the Internet.
39 GPRS Tunnelling Protocol (GTP) is a group of IP-based communications protocols used to carry general packet radio service (GPRS) within mobile telecommunication networks.
40 The Diameter protocol is a subscriber authentication, authorisation and accounting protocol created to replace SS7.
41 https://conference.hitb.org/hitb
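The IoT recommendations above (know the estate, sense-check where each device sends data, watch for unexpected outbound wget or PowerShell fetches, and allow-list egress) can be combined into one egress check. The following is an added example, not code from the GSMA report: the log format, the device inventory and the sample lines are constructed, and it goes slightly beyond the text by also flagging fetches of executable file types.

```python
# Added example (not code from the GSMA report): flag IoT egress that departs
# from a per-device baseline. Log format, inventory and sample lines are constructed.
import re

# Constructed inventory: each IoT device and the destinations it is expected to use.
INVENTORY = {
    "10.20.0.11": {"role": "hvac-sensor", "allowed": {"mqtt.example.internal:8883"}},
    "10.20.0.12": {"role": "ip-camera", "allowed": {"nvr.example.internal:554"}},
}
# Download tools an embedded sensor or camera should never present as a user-agent.
SUSPECT_AGENTS = re.compile(r"(wget|curl|powershell)", re.I)
# File types that indicate a fetched payload rather than telemetry (constructed heuristic).
PAYLOAD_EXT = re.compile(r"\.(sh|elf|bin|exe|ps1)$", re.I)
# Constructed egress log line: <ts> src=<ip> dst=<host:port> proto=<p> [method= uri=] [ua=".."]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\S+)"
    r"(?: method=(?P<method>\S+) uri=(?P<uri>\S+))?"
    r'(?: ua="(?P<ua>[^"]*)")?$'
)


def analyse(lines):
    """Return (timestamp, source, reason) for every baseline violation in the log."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        dev = INVENTORY.get(m["src"])
        if dev is None:
            continue  # not an inventoried IoT device; out of scope for this check
        if m["dst"] not in dev["allowed"]:
            findings.append((m["ts"], m["src"], f"{dev['role']} contacted unexpected {m['dst']}"))
        ua = m["ua"] or ""
        if SUSPECT_AGENTS.search(ua):
            findings.append((m["ts"], m["src"], f"download-tool user-agent: {ua}"))
        uri = (m["uri"] or "").split("?")[0]
        if PAYLOAD_EXT.search(uri):
            findings.append((m["ts"], m["src"], f"executable fetch: {uri}"))
    return findings


# Constructed sample: two normal lines, one camera pulling a script with wget, one non-IoT host.
SAMPLE_LOG = [
    "2020-01-14T10:00:01Z src=10.20.0.11 dst=mqtt.example.internal:8883 proto=tcp",
    "2020-01-14T10:00:05Z src=10.20.0.12 dst=nvr.example.internal:554 proto=tcp",
    '2020-01-14T10:00:09Z src=10.20.0.12 dst=203.0.113.7:80 proto=tcp method=GET uri=/x/bot.sh ua="Wget/1.20"',
    '2020-01-14T10:00:12Z src=10.20.0.30 dst=203.0.113.7:80 proto=tcp method=GET uri=/ ua="Mozilla/5.0"',
]

if __name__ == "__main__":
    for ts, src, reason in analyse(SAMPLE_LOG):
        print(ts, src, reason)
```

The check only reports devices present in the inventory, which is why the first recommendation (know what is on the estate) is a prerequisite for the rest.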
