New network, new challenges
Innovative services for 5G networks pose risks
By Karl Heuser
With every new opportunity that 5G opens up for digital service providers, there are also lucrative starting points for attackers. Now that network operators are setting up 5G standalone networks (SA), there is an even larger attack surface with even more valuable targets.
The consequences of successful DDoS attacks are passed down, i.e. to the providers of 5G services. Accordingly, communication service providers (CSP) in the 5G network must take responsibility for the security of their services on several levels. First of all, it is important to ensure their reliability, which is highly dependent on network availability. Then loss or theft of data must be reliably prevented. And finally, it is important to meet regulatory or compliance requirements.
Companies fear network outages caused by DDoS
In particular, companies fear that their digital infrastructure will be exposed to additional attacks by 5G. According to a Accenture’s survey 35 percent of decision-makers in companies have concerns about 5G security. 62 Percent fear that 5G will increase the frequency of attacks. DDoS attacks on network availability are classified as the main cause of disruptions.
Additional problems for CSPs
According to the latest Threat Intelligence Report by Netscout in the second half of 2021, the mobile industry recorded a 38 percent increase in attacks worldwide, while many other telecommunications sectors recorded a decrease in the same period. This trend probably reflects the continued increase in gamers using Wi-Fi hotspots, as well as the rapid spread of 5G technologies and services.
Voice-over-IP (VoIP) communication providers have also been affected by high-profile DDoS extortion or ransomware DDoS attacks by a REvil copycat perpetrator. This resulted in an estimated revenue loss of $9 to $12 million. According to the North American Industry Codes, VoIP providers and their infrastructure fall under two primary industries: telecommunications companies and data processing hosting and related services (cloud computing). In the first category, attacks increased by 93 percent in the first half of 2021, while in the second category there was a significant increase in the EMEA region. In fact, the “Data processing hosting and Related services” category was the top destination in EMEA for the second half of 2021.
And with 5G SA, a new problem area is now being added. This is because 5G SA is changing the architecture of the mobile radio core and replacing it with a new 5G core based on a service-based architecture. The stand-alone variant (SA) also introduces a variety of new protocols as well as containerization and orchestration initiatives. Next-generation 5G services will run within a cloud-native architecture over new virtualized network infrastructures.
These 5G SA networks are currently still in the initial phase of rollout and enable mobile services such as Massive Machine Type Communication (MMTC) and Enhanced Mobile Broadband (EMBB). It is precisely this combination of the potential vulnerabilities of newly developing networks with communication processing that has only minimal human intervention that is exactly what attackers find so attractive as a target.
In addition, the spread of devices in the Internet of Things (IoT) has increased enormously in recent years. But each of these networked devices offers not only functionality, but also additional attack surfaces for DDoS attacks. And one thing is certain: the demand for new and expanded services via 5G networks will continue to increase over time. This inevitably leads to the use of more 5G devices and greater network usage, which opens up space for more attacks. This is how IDC predictsthat in 2025, 152,200 IoT devices will connect every minute.
What to do?
During the pandemic, providers are already recording peak numbers of service accesses in the previously established networks, in addition to data transfers for video conferences, streaming and games. Security concepts with high network utilization are therefore no foreign terrain for the operators. In order for new services and thus revenues to be generated via 5G networks, providers must also establish an adequate infrastructure for the protection of critical networks and services. It makes sense to take a risk-based approach to protecting services, because different services have different requirements and risk levels.
By taking a proactive approach to threat detection and mitigation, CSPs can respond more quickly to detected threats to protect 5G networks and accelerate the adoption of services running over them. For this purpose, service providers must ensure complete end-to-end transparency of service traffic both at the interfaces to the used network and within the packet core at the control level as well as for data transmissions at the user level in order to be able to identify and eliminate potential risks in the context in a timely manner.
Know what’s happening
As mobile malware continues to spread and more IoT devices are deployed, monitoring the botnet population is becoming increasingly important. To assess the threat situation and identify compromised devices, threat intelligence services are suitable that present current information on cyber attacks and other threats from different sources in a consolidated manner.
This allows you to initiate automated reactions to specific forms of attacks at all control and user levels as well as for the infrastructure used. After all, the ability of providers to quickly limit damage through direct interventions or network policy functions will ultimately have a decisive influence on their market positioning.
But not only the detection of threats is important, but also a continuous overview of changes in network, service and user behavior. The situational awareness developed in this way through consistent visibility and intelligent data metrics allows the proactive handling of threats and potential misconfigurations.
(Photo by Netscout )
All this can lead to a faster response to a detected threat, which, in essence, contributes to the protection of 5G networks, increases the acceptance of services running through them.
About the author
Karl Heuser is Account Manager Security DACH at Netscout.