Positive Technologies Telecom Attack Discovery DATA SHEET

Similar documents
Express Monitoring 2019

On the Radar: Positive Technologies protects against SS7 network vulnerabilities

PROACTIVE APPROACH. INTELLIGENT CYBERSECURITY. ptsecurity.com

Vulnerabilities in online banking applications

OUR PRODUCTS. PT Application Firewall. PT Application Inspector. MaxPatrol

PRIMARY SECURITY THREATS FOR SS7 CELLULAR NETWORKS

Mobile operators vs. Hackers: new security measures for new bypassing techniques

Trojans in SS7 - how they bypass all security measures

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

PT Unified Application Security Enforcement. ptsecurity.com

Security Information & Event Management (SIEM)

Kaspersky Enterprise Cybersecurity. Kaspersky Security Assessment Services. #truecybersecurity

Q WEB APPLICATION ATTACK STATISTICS

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

Security by Default: Enabling Transformation Through Cyber Resilience

RSA INCIDENT RESPONSE SERVICES

Symantec Security Monitoring Services

CyberArk Privileged Threat Analytics

Carbon Black PCI Compliance Mapping Checklist

Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Cyber Security Audit & Roadmap Business Process and

Are we breached? Deloitte's Cyber Threat Hunting

RSA INCIDENT RESPONSE SERVICES

Protecting productivity with Industrial Security Services

SIEMLESS THREAT DETECTION FOR AWS

Built-in functionality of CYBERQUEST

HOLISTIC COMMUNICATIONS SECURITY

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n

New York Cybersecurity. New York Cybersecurity. Requirements for Financial Services Companies (23NYCRR 500) Solution Brief

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

How Breaches Really Happen

SECURITY TRENDS & VULNERABILITIES REVIEW WEB APPLICATIONS

GSMK. Cryptography Network Security. GSMK Oversight SS7 Firewall and Intrusion Detection System

CA Security Management

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

External Supplier Control Obligations. Cyber Security

Mavenir Keynote. Think Smarter Secure communication Innovate Services. By Mohamed Issa Regional Head of Africa Sales

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

THREATS TO PACKET CORE SECURITY OF 4G NETWORK

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Sage Data Security Services Directory

Vulnerability Management Policy

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

RSA NetWitness Suite Respond in Minutes, Not Months

Integrated Access Management Solutions. Access Televentures

The New Era of Cognitive Security

CONTENTS. Subscriber denial of service...9 Causes of vulnerabilities Recommendations for protection Conclusion... 13

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

How AlienVault ICS SIEM Supports Compliance with CFATS

Cybersecurity Auditing in an Unsecure World

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Continuous protection to reduce risk and maintain production availability

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

Office 365 Buyers Guide: Best Practices for Securing Office 365

74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM

Chapter 5: Vulnerability Analysis

CYBER RESILIENCE & INCIDENT RESPONSE

Securing Privileged Access and the SWIFT Customer Security Controls Framework (CSCF)

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Security Policies and Procedures Principles and Practices

WEB APPLICATION VULNERABILITIES

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Security Audit What Why

Internet of Things Security standards

QuickBooks Online Security White Paper July 2017

Fractured Backbones Incidents Detection and Forensics in Telco Networks

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Q WEB APPLICATION ATTACK STATISTICS

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

University of Pittsburgh Security Assessment Questionnaire (v1.7)

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks

Real-time Communications Security and SDN

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

ARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Imperva Incapsula Website Security

Choosing the Right Security Assessment

with Advanced Protection

ALIENVAULT USM FOR AWS SOLUTION GUIDE

to Enhance Your Cyber Security Needs

The GenCyber Program. By Chris Ralph

Database Auditing and Forensics for Privacy Compliance: Challenges and Approaches. Bob Bradley Tizor Systems, Inc. December 2004

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

This Online Gaming Company Didn t Want to Roll the Dice on Security That s Why it Worked with BlackBerry

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Service Provider View of Cyber Security. July 2017

Complying with RBI Guidelines for Wi-Fi Vulnerabilities

How WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security

TRIPWIRE VIA PLATFORM PROTECTING YOUR DATA WITH INTEGRATED SECURITY CONTROLS

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Transcription:

Positive Technologies Telecom Attack Discovery DATA SHEET

PT TELECOM ATTACK DISCOVERY DATA SHEET CELLULAR NETWORK SECURITY COMPLICATIONS As is shown in the network analysis performed by Positive Technologies in 014 *, even hackers with a minimal knowledge of how to launch security attacks against a telecom company can: Disclose a subscriber location Wiretap phone calls Intercept SMS messages and passwords Steal money from subscriber accounts Affect availability of service The research also discovered that: Even the top 10 telecom operators are vulnerable to these attacks Hacker location and network type are of no significance Hackers only need a Linux-based PC Required software is available on the Internet Attacks involve valid messages: rough filtration can negatively affect your entire service Our society is more reliant than ever on telecommunications. There are at least 4bn subscribers worldwide and 70% of firms rely on the network for Internet-of-Things (IoT) and Machine-to-Machine (MM) solutions for the provision of their own services. Everything from ATMs to GPS navigation devices already transmits data over cellular networks. But there is a significant weakness at the heart of this mobile revolution: the widely-used signaling protocols were developed decades ago with no protection provided or even planned. Though recently introduced, SIGTRAN specifications for protocols inherited all the weak points of. Mobile communications further evolved to provide mobile carriers and service providers with wider access to networks. Overall roaming connectivity adds to the pressure on mobile carriers to ensure network security and continuity of service. This lack of security enables hackers to send, intercept, and alter messages attacking cellular networks and subscribers. Recently, security has become very topical: When Edward Snowden, a former contractor for the CIA, first talked about the total surveillance by the NSA, many infosec experts showed evidence that the main technique the NSA could have used was exploitation of vulnerabilities. There are private companies offering attack services at reasonable rates, and as more companies enter the market, the rates continue to fall. Celebrities private conversations posted on the Internet by hackers have become more frequent. Current filtering systems (firewalls) are weak as they fail to analyze signaling traffic flows in detail without causing a loss of speed and connectivity. * www.ptsecurity.com/library/whitepapers/

PT TELECOM ATTACK DISCOVERY : DETECTING MOBILE ATTACKS PT Telecom Attack Discovery a new telecom security solution from Positive Technologies detects intrusions via an network online and immediately informs infosec departments for early incident response. The system also performs a retrospective analysis of signaling traffic and assists in forensics tasks while not interfering with /SIGTRAN interaction. Key features: Detection of all attack vectors including: examination of the network and collection of subscriber data (IMSI,, ), user location tracking, interception of SMS messages, sending of spoofed SMS and USSD messages, subscriber or cellular segment DoS, billing bypass, alteration of subscriber profiles in VLR and subscriber categories. No impact on signaling traffic. The PT Telecom AD system is implemented at the border of the network avoiding a negative effect on signaling traffic. Only an IP connection is required. There is no need to assign special addresses to in the form of Signaling Point Codes (SPC) or Global Titles (GT). Quick attack identification and its thorough analysis enhances protection avoiding impact on the speed of the network and its services. ADDITIONAL FEATURES PT Telecom Attack Discovery is used to create a single stream database in a carrier s network. In addition to detecting attacks, its indepth analysis of signaling traffic and call flows enables carriers to: Investigate fraud Gather evidence of malicious activity Detect equipment errors Find bottlenecks in the carrier s infrastructure Message correlation. This is available in systems with load balancing over several Signal Transfer Points (s), ensuring the whole perimeter is covered and preventing false positives. Regularly updated knowledge base. PT Telecom AD benefits from the expertise of the specialist Positive Technologies Telecoms Research Lab, ensuring it reflects the very latest research on security. Dynamic analysis. This approach rapidly determines which network activity is irregular by monitoring traffic changes and comparing its characteristics at different times. Data visualization. User-friendly dashboards display information about all interactions with external networks; attacks and fraud attempts. These dashboards are configurable for ease of data analysis. 3

PT TELECOM ATTACK DISCOVERY DATA SHEET ATTACK VECTORS: HOW TO DETECT AND PREVENT Example 1: Network investigation and collection of subscriber data (IMSI,, ). A hacker examines an operator s network (1), finds core hosts, determines their functional roles (, 3), and collects information that the network discloses (4). Subsequent BEGIN messages to the GT pool from 7900100900 to 790010090 1 4 ABORT message from 7900100904 7900100905 3 GT 7900100904 GT 7900100905 Meanwhile, PT Telecom AD logs his actions identifying illegal use of such messages as SRI4SM, SRI, SRI4LCS, SendIMSI, etc. Recognizing attacks while they are being planned helps to prevent their execution. Example : Disclosure of subscriber location and control over his moves. With necessary data on the network and its subscribers gathered, the hacker directly addresses the main hosts (1, ) requesting information about the subscriber via ATI, PSI, and SRI messages (3). Subscriber IMSI 1 MCC, MNC, LAC, CID 3 MCC: 50 MNC: 90 LAC: 4A67 CID: 673D Using signature analysis, PT Telecom Attack Discovery singles out illegal messages from the traffic and registers an attack attempt. Rapid response to the attack can block and prevent the hacker from monitoring subscriber moves. Example 3: Interception of SMS messages is one of the most perilous attacks because it exploits SMS messages that often include sensitive information such as payment confirmation (3D Secure codes) and recovery data for email, social network, and payment service passwords. The attacker only needs to register a victim subscriber on a fake (1, ). If successful, the hacker will receive all subscriber s SMS messages (3 6). Fake 1 Fake Subscriber A 4

Subscriber A Subscriber B Where is Subscriber A? 4 3 SMS to Subscriber A Fake 5 SMS Center Fake 6 SMS to Subscriber A Analyzing subscriber registration outside the home network, PT Telecom AD checks its integrity and detects suspicious and unfinished procedures that prove attack attempts. With this attack detected, you can be sure there was an attempt to compromise a subscriber and obtain his data. Therefore, prevention of such attacks and notification of clients of such attempts is a necessity. Example 4: DoS for MSC. A hacker can directly attack an operator s network and its services. The most severe are DoS attacks because they cause network unavailability and many other negative implications. The attack is based on the procedure of assigning a roaming number (MSRN) when receiving a voice call. If an attacker sends multiple roaming number requests (1), then the pool of available numbers will soon be exhausted (). As a result, the switch will not be able to process terminating calls (3). Provide Roaming Number 1 BUSY 3 BUSY Subscriber Studying valid call flow sequences, PT Telecom AD detects attacks at the very beginning, identifies and helps to block attack sources. Detection of other DoS attacks exploitation of Reset and SCCP Management, denial of service via SSN Prohibit and TID Flood has the same algorithm. PT Telecom Attack Discovery can also discover redirection and wiretapping of voice calls, sending of fake SMS and USSD messages, subscriber DoS, spoofing of a subscriber s profile in a VLR, alteration of a subscriber s category, and many other attacks. For details, see the SIGNALING SYSTEM 7 () SECURITY REPORT at http://www.ptsecurity.com/upload/ptcom/_wp_a4.eng.0036.01. DEC.8.014.pdf 5

PT TELECOM ATTACK DISCOVERY DATA SHEET PT TELECOM ATTACK DISCOVERY IN USE Application SCCP MTP Modularity PT Telecom Attack Discovery includes two types of modules. collects raw traffic from the, singles out useful data, and sends messages to. aggregates processed traffic from all s in the network, creates dialogs, discovers intrusions using its knowledge base, and examines signaling traffic for unusual behavior. Full view PT Telecom Attack Discovery obtains data from all required links, either international or local, and places it in separate dialogs on to avoid loss of system messages and false positives. In-depth protocol analysis traffic processing Signaling messages PT Telecom AD studies all-layer protocols and checks address information, address and subscriber ID compliance, and operation codes. Based on the complete view of the signal exchange, the system comes to a conclusion about the attack and immediately informs the infosec department about it. Call flow inspection With a vast knowledge of mobile systems, PT Telecom AD identifies suspicious messages from external networks, unusual message sequences, and wrong equipment responses to outside actions. The system renders all data on anomalies to information security staff for analysis. Flexible classification of attacks With a custom event classification system, PT Telecom AD signals an attack if a message comes from a blacklisted address. There is also the option to create white lists a limited number of addresses whose actions will be recognized as valid. Normalization Correlation Attack Detection Alerts: DEPLOYMENT AND OPERATION MODES PT Telecom Attack Discovery is deployable both as hardware and as a virtual solution. Depending on the client s tasks and technical specifications, the system can run in a variety of modes: 1. External traffic analysis on the. PT Telecom AD receives all incoming and outgoing traffic on an external interface and detects attacks against telecom carriers. Source Target Type Severity Statistics 6

. analysis after the border. To detect intrusions into a border device, PT Telecom AD examines a of traffic from an internal network on any aggregating host. PT Telecom Attack Discovery processes the of signaling traffic and keeps away from the /SIG- TRAN interaction between operators avoiding any damaging impact on the network and its services speed. 3. analysis before network elements. If PT Telecom AD cannot obtain a traffic from an aggregating host, it studies traffic before key network elements (,, SMSC). 4. Analysis of specific message types. SIGTRAN must be connected to the. The must be able to traffic depending on specific features of signaling messages. 7

PT TELECOM ATTACK DISCOVERY DATA SHEET ADDITIONAL SERVICES: TELECOM SECURITY ANALYSIS PT Telecom Attack Discovery enhances detection of real-time intrusions via the network. Nonetheless, you can prevent many attacks beforehand discovering vulnerabilities and noncompliance with security standards on all the levels of the telecommunications infrastructure. Positive Technologies provides telecom companies with: security audit service that includes MAP/CAP attack simulation, assessment of impact on CS Core (//AuC), forensic investigation of possible fraud or -based security incidents. Cell network security assessment to examine various vulnerabilities and configuration weakness in the radio access network that could allow illegal use of services and disruption or degradation of services delivered through G, 3G, and 4G. Mobile application security service to reduce the risk of security breaches that could cause significant financial losses and damage to reputation. We provide both client- and server-side application analysis using gray- and white-box testing to identify vulnerabilities and find ways to neutralize them. Penetration testing to detect hidden system flaws; evaluate the potential impact on operations if those flaws are exploited; verify the efficiency of current security tools and evaluate the level of security awareness among staff. Vulnerability research into new technologies, protocols, and applications to check whether security mechanisms are missing or employed incorrectly; to identify vulnerabilities and security issues that arise as a result and reduce associated risk. Security and compliance audit (ISO 7001, 700, and 7011; TIA, ITU, NIST, ETSI recommendations) as a basis for development of an adequate and comprehensive action plan for information security enhancements. Such plans help to mitigate the financial and reputational risk related to information security. About Positive Technologies Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection. Commitment to clients and research has earned Positive Technologies a reputation as one of the foremost authorities on Industrial Control System, Banking, Telecom, Web Application, and ERP security, supported by recognition from the analyst community. Learn more about Positive Technologies at ptsecurity.com. 017 Positive Technologies. Positive Technologies and the Positive Technologies logo are trademarks or registered trademarks of Positive Technologies. All other trademarks mentioned herein are the property of their respective owners. info@ptsecurity.com ptsecurity.com PT-Telecom_AD_DS_A4.ENG.0007.13

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback