Author: Mahmoud Samy, Area Head, Middle East, Pakistan and Afghanistan at Arbor Networks
The Middle East and Africa (MEA) region’s insatiable demand for smarter mobile devices and multimedia content delivered on the go is causing telecom operators to battle tremendous growth in mobile traffic on their networks. While in 2012, only 10% of the Middle East’s consumer Internet traffic came from mobile devices, the figure is set to reach 31% by 2017 [1]. In supporting these demands while simultaneously building towards a sustainable revenue stream, telecom operators face the challenge of maintaining the availability and performance of their mobile network and services which enhance their customers’ quality of experience.
Failure to do so can result in service level agreement (SLA) credits, damage to brand reputation and customer churn, all of which impact the top and bottom lines of their business. With mobile number portability now an option available to subscribers in the UAE, Saudi Arabia, Qatar, Kuwait and other countries in the region, poor service can well mean a change of operator.
In the era of mobile Internet, smartphone users are increasingly downloading and utilizing apps. A global survey has shown that the MEA region accounts for 13% of app usage. This is a considerably large figure given that North America, typically considered to be a leading smartphone market, only narrowly surpasses this figure at 17% [2]. With the advent of wireless access to the Internet from mobile devices, attackers now have a huge open-door opportunity to initiate attacks.
Telcos now face threats on their mobile network from their own subscribers and their devices. With the growth in app stores and mobile applications, many of which do not have any security oversight or control, compromised devices such as smartphones, tablets, M2M, laptops and 3G dongles connected to mobile networks are capable of hosting botnets and launching DDoS attacks from the wireless side of the mobile network.
The challenge raised by mobile apps is further complicated as not all threats to mobile networks and service performance and availability are malicious in nature. Mobile applications are why the amount of mobile data traffic continues to increase. Mobile Network Operators (MNOs) have little to no control over which mobile apps their subscribers install and use. To make matters worse, many mobile apps do not take into account that they communicate over networks that operate differently from traditional fixed-line IP networks, especially during recovery scenarios.
This can cause major problems when popular mobile apps undergo maintenance or encounter issues. For example, when a critical component of a social media application becomes inaccessible, it can cause subscriber devices or servers to initiate a retry/recover routine that can trigger huge spikes in mobile data. This traffic storm looks and acts like a DDoS attack on a mobile network because it affects all mobile subscribers, not just the users of the particular application.
Arbor Networks’ 8th annual Worldwide Infrastructure Security Report (WISR), which is based on survey data from 130 network operators and service providers around the world, includes evidence of both malicious and non-malicious threats to mobile network operators. The majority of operators who suffered non-malicious incidents relating to poorly-behaving applications took a reactive stance toward detection and mitigation, with over 30 percent indicating that they had to perform a reactive analysis of the problem.
This is an unfortunate statistic, but is a direct result of the consumer broadband-based business model that mobile providers work within. Each subscriber contributes a small amount of revenue to the provider, and every time the subscriber calls into the provider help desk, that revenue is offset by cost. There is little incentive to put measures in place that could result in that subscriber calling less often; hence, the more reactive approach.
There is a need for policies to change as there is more than enough evidence that these threats are occurring and impacting mobile networks. The 2012 WISR data highlights the growing threat to mobile networks. 34% suffered a customer-visible outage due to a security incident, which is a 64% increase over the prior year. 57% do not know what proportion of subscriber devices on their networks are participating in botnets or other malicious activity. 60% have no visibility into traffic on their packet cores, resulting in unseen threats that cannot be prevented or contained. 45% do not know if DDoS attacks are targeting their Internet Gi infrastructure. 28% observed DDoS attacks targeting their wireless networks, while 25% don’t know if such attacks occurred due to a lack of visibility. 16% reported outbound attack traffic from subscribers, but 25% can’t tell if subscribers are originating DDoS traffic due to a lack of visibility.
The risk to operators is clear: unseen threats cannot be prevented or contained. Many mobile devices are now as powerful as some laptop computers. The malware problem in the mobile space is quite real, and large-scale malware activity could have a devastating impact on the resources of a wireless infrastructure. Given the speed of evolution in mobile technologies and the increased dependence on mobile networks, mobile operators need to upgrade their infrastructure to maintain competitiveness. Simultaneously, they should implement threat detection and monitoring solutions to protect themselves and their customers.
Mahmoud Samy is a Regional Sales Director with over 19 years of experience and expertise within the Telecommunications, Enterprise, IT and Electronics sectors at Regional Director, Regional Manager, General Manager and Head of Sales levels. He has worked at companies like F5 Networks, Juniper Networks, 3Com (acquired by HP), Peribit Networks (acquired by Juniper Networks) and a few other leading technology companies in the region. A visionary figure, he has a proven track record in making decisive business decisions for business growth, client engagement and proactive networking across the MENA region, in addition to Turkey, Cyprus, and Malta.