Let’s Prevent 5G “Boundless Connectivity” From Providing “Boundless Opportunity” for Cybercriminals

Terry Young


 Tags: ,

The 5G network evolution will greatly benefit subscribers, service providers and, oh yes, cybercriminals as well.

A recent report published by the GSMA described the 5G era as an age of “boundless connectivity” and “intelligent automation.” With society relying more and more on mobile connectivity and cheap computing power spurring widespread adoption of digital “things,” mobile networks will need to quickly ramp up to provide the bandwidth, low latency, and higher connection rates to meet future performance and connectivity needs. All this change while driving down network capital and operating costs through network consolidation, shared networks, integration with fixed networks and evolution to virtualized architectures. That’s a lot of transformation!

But who will secure this massive mobile ecosystem in the future?

Certainly not consumer subscribers – they are notoriously lax in taking even minimal security measures to protect their phones or privacy. IoT suppliers also have little financial incentive to build in security, and it has only been recently that they have been prodded into more security-focused design. And since they don’t control subscriber actions, mobile operators are equally reluctant to offer additional malware prevention capabilities.

This is good news for the average cybercriminal looking to infect as many devices as possible, as quickly and as cheaply as possible.

Not only does he have a much larger base of potential victims (Ericsson forecasts that mobile connections will increase an additional 1 billion by 2022) but he also has very little resistance from the device users or IoT developers, and a high-performance mobile network run by operators focused on other major strategic transformation objectives.

In fact, that seamless network integration and higher speed the mobile operators work hard to implement can also provide cybercriminals a faster, easier path to transport malware.

While mobile network operators have seen profit margins decline and costs go up, hackers have seen the opposite: hacker costs are down and profits are increasing. Hackers can quickly spin up capacity using the latest automation and cloud technology with no capital investment, and easily acquire “off-the-shelf” exploit kits and other malicious tools.

It’s a part-time job for most cybercriminals, and the job skill requirements keep getting lower.

In the last nine months, we have seen a few high-profile attacks that illustrate how an average, relatively unsophisticated cybercriminal can take advantage of poor security practices and unsecured devices for malicious purposes.

WannaCry is one of the most recent examples of the damage that even an unsophisticated cybercriminal can cause. The ransomware attack began on Friday, May 12, 2017, and within a day was reported to have infected more than 230,000 computers in more than 150 countries.

By most security experts’ analyses, WannaCry was a botched job from unskilled hackers. The hackers made several mistakes, including providing a kill switch in the code and ransomware that didn’t really work – victims could not unlock their files even after they paid the ransom. Yet WannaCry caused massive business disruption, estimated to exceed $4 billion.

As an ecosystem, we must work together to create a better security posture for mobile networks.Palo Alto Networks can help mobile network operators prevent successful attacks from the growing population of average cybercriminals. Download the white paper “Establish An Effective Security Posture in Next-Generation Mobile Networks.”

Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42


SUBSCRIBE TO RSS