By Ted Curtis, Senior Engineer at Netscout
Recent next-generation mobile technologies are bringing an evolutionary shift in connected devices and 5G usage. However, these new services have also caught the attention of cyber attackers, with DDoS activity rapidly increasing since 5G non-standalone (NSA) networks were first launched. Carriers have since begun to deploy 5G standalone (SA) networks, which in turn gives attackers an even greater attack surface and even more valuable targets.
The greatest threats for 5G service providers
For 5G service providers, the greatest threats involve network availability or downtime, loss of data, and being unable to meet regulatory or compliance requirements. The primary goal of a DDoS attack is to prevent an online service from functioning by overwhelming it with traffic. The resulting impact of DDoS attacks on network availability is, therefore, a big concern for 5G providers.
The impact of DDoS attacks extends to their enterprise customers as well. In a survey by Accenture, 35% of business decision-makers expressed concerns about 5G security, and 62% feared that 5G will expose them to further attacks.
However, it is ultimately the direct impact of DDoS attacks on network availability that service providers are most concerned about. In the event of a significant DDoS attack, both 5G service providers and their enterprise customers face the most serious consequences in the aftermath.
Key areas of concern
It’s clear that communications service providers (CSPs) have much experience with DDoS attacks, as they are often among the most targeted industries globally. However, the deployment of 5G presents specific concerns for service providers.
Firstly, 5G SA networks are currently in the early stages of deployment and enable mobile services such as massive machine-type communication (mMTC) and enhanced mobile broadband (eMBB). The combination of potential vulnerabilities in still-developing networks and communications with minimal human involvement is exactly what makes them so appealing a target for cyber attackers.
Secondly, the number of Internet of Things (IoT) devices has grown tremendously in recent years. Each connected device brings its own expanding attack surface, making it more vulnerable and easier for DDoS attackers to compromise. Demand for new and expanded services over 5G networks is likely to increase over time, which will drive up 5G device and network usage and lead to more attacks.
How CSPs can stop attackers
Throughout the Covid-19 pandemic, service providers have managed huge spikes in legitimate network traffic – with additional video conference calls, streaming and gaming – while also defending critical network infrastructure against an increase in attacks.
Moving forward, for 5G networks to deliver new revenue opportunities and services, operators will need to take more proactive steps when it comes to safeguarding the critical aspects of their business – customers, services and networks.
Firstly, CSPs must ensure there is end-to-end visibility of service traffic inside the packet core, as well as of traffic entering and leaving it. To be able to identify risks in context, it’s crucial to have a complete and consistent view across control and user plane activity inside the core. Providers also need to be able to view traffic to or through key infrastructure.
CSPs should also take a risk-based approach to protecting services. Services drive return on investment, but they don’t all have the same requirements or risk levels. Deploying visibility, service and security assurance capabilities should focus on ensuring the right capabilities for the right services.
Furthermore, threat intelligence is a vital tool for service providers with regard to threat detection and mitigation, identifying compromised devices communicating across a network, and automating responses to specific attacks. As mobile malware continues to proliferate, and as more IoT devices are deployed, botnet population monitoring has become even more important.
It’s also recommended that CSPs automate attack detection, rate limiting and mitigation. Threats should be detectable across control and user planes and service-enabling infrastructure. The ability to quickly rate limit or mitigate via either direct intervention or network policy functions is key.
However, while threat detection capabilities are important, so is having an ongoing view of trends in network, service and user behaviour. Situational awareness via consistent visibility and smart data metrics plays a major role in getting ahead of threats and identifying outlier behaviours and misconfigurations.
It’s clear that for every new opportunity 5G opens to service providers, it also creates new and lucrative opportunities for attackers. By taking a proactive approach to threat detection and mitigation, CSPs can respond faster to any detected threat, ultimately protecting 5G networks and accelerating the adoption of services running across them.