It’s the stuff of security professionals’ nightmares. The rise of 5G and the growing number of connected mobile and Internet of Things (IoT) devices means the mobile security threat landscape is larger than ever.
For this reason, mobile security promises to be a major topic at Mobile World Congress 2018, as security professionals and service providers share tips — and threat research — about how to best protect networks and users from cyberattacks.
Palo Alto Networks will host a panel on this topic, titled “Revolutionizing Mobile Network Security.” The panel, with A&T Assistant Vice President Rupesh Chokshi and Patrick Donegan, the principal analyst with HardenStance, will include a discussion on the growing threat landscape and the techniques needed to secure networks and devices.
Greg Day, VP and CSO of Palo Alto Networks, EMEA, will provide results of recent research from Unit 42, Palo Alto Networks’ threat research group.
Mobile Security Landscape
Day said Android is now the most common platform in the world. “That creates an interesting speculation,” he continued. “Will we see that overtake the traditional PC world for cyberattacks?”
While he doesn’t know the answer, one thing is certain: Hackers are taking their 30 years of finely-honed malware skills and moving their attacks to mobile devices.
He pointed to BankBot, a malicious Android app that imitates real banking applications to steal users’ login details.
Historically, cyberattacks have focused on credit card and online banking fraud. “So what does a criminal do? He takes a technique that has worked well with PCs and moves it into the mobile space for the obvious reasons: more smart phones and a lot of people using them for banking,” Day said.
Newer threats are more specific to how mobile technology is evolving. “One is using smart phones for espionage,” Day said. For example: using an executive’s mobile device to spy on him.”
Automation is another topic that we expect to hear a lot about at Mobile World Congress. It’s critical for service providers working to virtualize their networks and deploy 5G-enabled services. But when it comes to security, automation is a double-edged sword.
On one hand, automation is an essential tool for security operations centers bombarded by huge volumes of threats — and a shortage of skilled security professionals to deal with these threats, Donegan said.
“Use automation to deal with the vast majority of what are well-known, recognized threats,” Donegan said. “Take that workload off of the shoulders of security analysts and allow them to focus on threats that are really menacing and need detailed investigation.”
On the other hand, the bad guys use automation, too.
“We tend to think of automation as something that the defenders can do to protect the networks,” Donegan said. “But a large part of the threat is coming from attackers using automation to automate bot-based attacks. That is a fundamental threat.”
This threat is compounded by IoT device lack of security and sophisticated malware.
Managed Security Services
Donegan said he also expects to hear more telecommunications companies and vendors pushing managed security services at this year’s event.
“The operators need new sources of revenue, and the threats aren’t going away any time soon,” he said. “From a telco perspective, they have excellent reach into the enterprise, they have connectivity into the enterprise. They are already halfway there. They just need to offer compelling services and invest in people who can sell and deliver those services.”