The mobile malware crisis: What more can be done by CSPs?

Moshe Elias of Allot Communications

As news of botnet malware attacks becomes more frequent, it often feels like the security industry is on the back foot when it comes to malicious attacks. Most recently, the Mirai botnets gained headlines by leveraging easy-to-exploit vulnerabilities in webcams, routers, digital video recorders and other connected devices.

As the Internet continues to go mobile, says Moshe Elias, director of Product Marketing, Security Solutions, Allot Communications, smartphones and tablets will continue to be prime targets for malware attacks. The threat is real, but how much do consumers know about the risk of mobile malware? Do they protect their mobile devices from online threats, and who do they call for help during or after a malware attack?

Our recent survey on consumer mobile security revealed that a significant number of subscribers (26%) turn to their mobile operator when facing a malware incident on their mobile phone, even when the operator is not the one providing the security service.

This finding indicates that mobile users perceive the service provider as one that can provide the solution when they face security problems. In that same survey, 61% of the respondents said they will likely buy security services from their service provider.

Mobile users' demand for security, together with the special limitations in protecting IoT devices, points to a big opportunity for service providers to be proactive and offer mobile protection from their network. This way they can become the one-stop shop that delivers, drives and protects the digital experience.

Mobile operators need to be able to see, control and secure the traffic that IoT devices generate. It is possible to mitigate DDoS attacks whether they originate outside or from within the network to protect IoT deployments. The following advice will help CSPs take the fight to malware hackers and protect their customers.

Acceptable access policies: Take preventive measures to reduce the attack surface and limit the risk of infection of IoT devices. Acceptable access policies include whitelisting and blacklisting of target ports and access protocols as well as source addresses, limiting external communication with the device. They also allow specific time periods to be defined for maintenance work, while a DPI engine restricts the communication protocols and applications in use. It's advisable to look for a solution with a proven record of carrier-grade management of traffic involving millions of elements.
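A minimal sketch of how such an acceptable access policy can be evaluated for inbound traffic to one device group, as an added example (not Allot's product logic and not code from the article). The `AccessPolicy` class, the camera policy and all addresses, ports and times are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass
class AccessPolicy:
    """Hypothetical policy for one IoT device group (all names are assumptions)."""
    allowed_sources: list      # CIDRs permitted to reach the device
    blocked_sources: list      # CIDRs always denied, checked before the allowlist
    allowed_services: set      # (protocol, port) pairs open at any time
    maintenance_services: set  # pairs open only inside the maintenance window
    window_start: time
    window_end: time

    def in_window(self, when: datetime) -> bool:
        t = when.time()
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        # Window wraps past midnight, e.g. 23:00 to 02:00.
        return t >= self.window_start or t < self.window_end

    def evaluate(self, src: str, proto: str, port: int, when: datetime):
        """Return (verdict, reason) for one inbound connection attempt."""
        addr = ip_address(src)
        if any(addr in ip_network(n) for n in self.blocked_sources):
            return ("deny", "source on blocklist")
        if not any(addr in ip_network(n) for n in self.allowed_sources):
            return ("deny", "source not on allowlist")
        svc = (proto.lower(), port)
        if svc in self.allowed_services:
            return ("allow", "service allowed")
        if svc in self.maintenance_services:
            if self.in_window(when):
                return ("allow", "maintenance window")
            return ("deny", "outside maintenance window")
        return ("deny", "service not allowed")  # default deny

# Constructed sample policy: HTTPS always, SSH only 01:00-03:00.
CAMERA_POLICY = AccessPolicy(
    allowed_sources=["203.0.113.0/24", "198.51.100.10/32"],
    blocked_sources=["203.0.113.66/32"],
    allowed_services={("tcp", 443)},
    maintenance_services={("tcp", 22)},
    window_start=time(1, 0),
    window_end=time(3, 0),
)
```

The blocklist is checked first so that a single bad host inside an otherwise allowed range is still denied, and anything not explicitly listed falls through to deny.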

Deploy operator-scale web security: One of our customers, Vodafone Spain Secure Net, protects over four million mobile customers, and in the first nine months of 2016 blocked 154 million threats, 50,000 of them ransomware attacks, providing security and generating high customer satisfaction with significant incremental revenue. One of the unique attributes of this solution is that no client installation is required to provide anti-malware and parental controls on any device (i.e. the solution is provided directly through the network).

Anomaly detection: A network analytics platform can identify different types of devices and their behaviour, and identify anomalous traffic patterns on the specific devices being monitored.

DDoS protection: Since the Mirai malware has been used in the past to launch massive DDoS attacks, both inbound and outbound protection is required.

Capacity: Allot Service Gateway platforms running Allot DDoS Protection and Web Security as a Service solutions provide the highest inline cyber protection services in the industry, scaling to 2Tbps per cluster and with proven deployment in service networks with millions of customers and IoT devices.

The release of the original Mirai source code has inspired many bad actors to exploit similar pools of vulnerable IoT devices and launch massive DDoS attacks. Such attacks proved that, if used on specific targets, they can cause a wide-scale outage by bringing down websites, services, or even internet infrastructure.

The steps outlined above will provide CSPs with the tools they need to block the spread of bot infections and mitigate outbound DDoS attacks originating from such botnets.

The author of this blog is Moshe Elias, director of Product Marketing, Security Solutions, Allot Communications
