By Ivan Marzarioli *

The transition to 5G technology is an evolution too good to be true for cyber criminals. It offers ample opportunities for Hacked and generate disorder, without them having to make great efforts to be able to benefit from it.


First, the security implications of 5G must be considered. The transition to 5GC (core) and multiaccess edge computing (MEC) will be characterized by an increasingly complex scenario of multigenerational technologies and fragmented security functions. Mobile operators will not migrate to 5GC overnight; they will continue to operate the infrastructure 3G / 4G legacy for many years, just as they will need to support IPv4 traffic even after completing their own internal IPv6 conversion. The greater the number of different and overlapping technologies that need to be managed, maintained and integrated, the greater the likelihood that gaps and lapses will leave openings for hackers.

In the meantime, the move to MEC will also mean migrating from centralized data centers to hundreds or thousands of much smaller nodes at the end of the network, each needing its own set of firewalls, DDoS detection / mitigation, ADC, CGN, traffic routing , load balancing, and so on. There is a lot of equipment to accommodate a 5G cell site with limited space and energy, and many devices to replicate and manage across the distributed infrastructure.

Simply put: hackers dream of attacking the surface layer of the mobile operator's network.

You don't have to be a genius

While mobile operators are investing billions of dollars in next generation technologies and network professionals are improving on new skill sets, hackers are already well prepared to make the most of the 5G era. The black market offers a wide range of automation tools and cloud services that can make any common swindler as lethal as a criminal genius. An increasing number of connected devices offer recruits ready for action in armies of botnets and malware attacks. The most modern 5G smartphones promise streaming of up to 100 Mbps and can receive downloads of up to 10 Gbps, and thus act as malware magnets as they travel through unknown WiFis and third-party app stores. The 23 billion IoT devices expected by 2025 will not fully adhere to the GSMA Association's guidelines, strong passwords and other security best practices.

Hackers use high-speed 5G networks to launch their attacks, as well as being able to exploit the known vulnerabilities of 3G and 4G networks, such as the GTP protocol, which are still used by operators that maintain a multigenerational environment.

The dangers of DDoS

The number of attacks tripled in 2020, largely due to the successful capture of IoT devices, as well as the inclusion of large or small-scale incidents that caused concern.

We witnessed a 2,3 Tbps attack against AWS in June 2020, a scale that even one of the world's largest technology companies would face the challenge of dealing with. On the other hand, 3/4 of the 2020 attacks were less than 5 Gpbs. Small-scale DDoS attacks can be especially problematic because they are small enough to pass through the operator's radar unscathed, and yet they are capable of devastating a company. It may also be the case that the operator does not have the option to simply turn off the affected node, since it may be providing essential services to other customers on the network, such as applications for telemedicine, intelligent mobility and public security.

Reshaping security to 5G

In the changing landscape of the 5G era and with the increasing size and frequency of DDoS attacks, service providers need to rethink their approach to protection. In the past, some have simply sought to “overcome” the attack by over-provisioning network elements that could be affected, such as DNS, SGW or PGW infrastructure, or by installing large DDoS mitigation devices in the hope of absorbing traffic. However, with attacks exceeding 2 Tbps, even a heavily equipped centralized data center would have difficulty resisting, and an MEC node would not stand a chance in the face of an attack even if it was small in the 12 Gbps range. The adoption of a strategic approach for detection and mitigation is now necessary.

The first fact that must be considered is that not all DDoS attacks present the same dangers or challenges. A total of 80% of the 10 million DDoS weapons tracked by the A10 use the same five protocols, making them relatively easy to detect and mitigate. Many of them are high-volume, high-impact attacks that are technically simple and can be tackled with measures such as anomaly filtering, blackholing (black holes in the network), rate limitation and IP blocking by destination. Low-volume attacks follow the same pattern.

The real challenge comes with attacks aimed at the middle of the volume scale, which are neither exceptionally large nor small, but which tend to be made using several more technically complex vectors, using less common protocols. In such cases, more sophisticated techniques are needed, which include pattern recognition, zero day automation and more complex multi-stage mitigation rules.

Operators need to be able to quickly determine what malicious traffic is and what is legitimate and respond as quickly. Since these attacks generally target individual subscribers and not just the network as a whole, mitigation must be applied surgically. Operators must be able to separate traffic that goes to the subscriber to be mitigated, while allowing other good traffic to pass unimpeded and thereby completely eliminate bad traffic.

The move to 5G does not have to be a dream come true for cyber criminals or a security nightmare for cell phone operators. With the right methods and tools, you can keep hackers out of your evolving network infrastructure to protect your customers and your business.

* Ivan Marzariolli is country manager for A10 Networks

Have you watched our new videos on the UAF YouTube-channel? Subscribe to our channel!