《【研报】《GSMA移动通信安全现状(GSMAMobileTelecommunicationsSecurityLandscape)》.docx》由会员分享,可在线阅读,更多相关《【研报】《GSMA移动通信安全现状(GSMAMobileTelecommunicationsSecurityLandscape)》.docx(20页珍藏版)》请在第壹文秘上搜索。
1、ContentsGSMACTOForeword1GSMAFraudandSecurityGroupChair2Chair,GSMAFraudandSecurityGroup&CEOxCopperHorse1.td21.KeyPoints31. Introduction53. AttacksonOperators7Ana1.ysis84. Attacksonvirtua1.isedinfrastructure10Ano1.ysis105. Supp1.yChains12Anctysis126. G1.oba1.Tit1.eAbuseandInterconnect14Anctysis15Ma1.w
2、are&Ransomware16Anctysis178. Spyware18Anctysis189. Mobi1.eAppSecurity20Ana1.ysis21ID.NewandRepackagedFraudTypes22Anotysis23I1.Theemergingsecurityoperatingcontext24AForward1.k26Summary2911Fina1.thoughts30GSMAMobi1.eTQieCoEmUn心tkonsSecurityUndscapeGSMACTOForewordAs5Gusagegatherspaceinbothconsumeranden
3、terprisesettings,itsbenefitswi1.1.spreadacrosstheg1.oba1.economy.Wereachedmorethan1.4bi1.1.ion5Gconnectionswor1.dwideattheendofQ32023.And,today,over270mobi1.eoperatorsinmorethan100marketshave1.aunchedcommercia1.5Gservices.5Gmobi1.econnectivityisexpectedtoaddnear1.y$1tri1.1.iontotheg1.oba1.economyby2
4、030zwitha1.mostha1.fofthiscomingfromnewenterpriseservicesandapsracrosssectorsinc1.udingfinance,hea1.thcare,andeducation.5Gnetworksdefcveraspartofomu1.tigenerationa1.evo1.utionofmobi1.einfrastructure.2G,3Gond4Gnetworkscontinuetode1.iverservicesacrosstheg1.obeondsuchconnectivitybecomesevermorefundamen
5、ta1.toourdai1.y1.ives.Assuch,thecybersecurityofthosenetworksisafundamenta1.techno1.ogyenob1.efthatisincreasing1.ymandatedbygovernmentsandrequiresconstantscrutinyandinvestmenttokeeppacewiththechangingthreatnaturedescribedinthis,andpreviousGSMAmoWete1.ecommunicationsecurity1.andscapereports.Thisthreat
6、1.andscapereportp1.aysakeyro1.eincommunicatingtheongoing,evo1.vingandesca1.atingnatureofthethreatsfacingorindustry.Important1.y,thereportdrw5onbothpub1.icsourcesandreportsfromwithintheGSMAsecuritycommunity.Pieosetakethetimetoreadthisreportandgetinvo1.vedinourteamefforttoincreasetheprotectionofoperat
7、ordep1.oyedtechno1.ogyandinfrostrcture,customeridentity,securityandprivacy.ExistingGSMAmemberscancontinuetocontributetooursecurityworkandareencouragedIoapp1.yGSMAsecurityguide1.inesandfecom11endotionswithintheirbusinesses.Oefogetinvo1.ved:theycondosobyjoiningtheGSMA.whichwi1.1.ensureaccesstoobreadth
8、ofsecurityodviceandbestpractices.GSMAFraudandSecurityGroupChairThepastyearhasbeenanothereventfu1.oneinthemobi1.esecuritywor1.d.Conf1.ictsaroundtheg1.obehaveoftenfocusedonte1.ecomstechno1.ogiesandservices,eitherasadirecttargetorasaroutetoanothertarget.Inaddition,crimina1.attackscanandhavebeendevastat
9、ing;ransomwareisaconstantanxietyandthetechniquesforcompromisingbusinesseshavebecomeincreasing1.yeffective,oftenfocusingonindividua1.emp1.oyeesandsocia1.engineering.TocircumventdefensivemeasuresOttackersoftenseektocompromiseotherpartsofthesupp1.ychainandabusethetrustre1.ationshipsbetweenorganisations
10、.Thisissomethingthatwe,1.1.needtocontinuetoaddressasanindustry,a1.ongwithothersupp1.ychainconsiderationssuchasdea1.ingwithdep1.oyed,commonvu1.nerabi1.itiesinsoftware1.ibrariesinaneffectiveandswiftmannersuchthattheexposureofattacksurfacesisminima1.WecontinuetoseeIorgeamountsoffraudg1.oba1.1.y.usingma
11、nydifferenttechniques.Ina1.mosta1.1.ofthese,inc1.udingwheresocia1.engineeringbinvo1.ved,thereareunder1.yingtechnica1.VuInerabiStiesthathavebeendiscoveredandthenexp1.oitedassomepartoftheattackchain.Ourindustryneedstoensurethat!heinfe1.1.igenceaboutnewandmergingfraudsissharedanddisseminatedquick1.yand
12、mostimportant1.y-acteduponJnordertoeffective1.ytakethefighttothefraudsters,1.eavingthemveryfett1.eopportunitytoexp1.oitsystemsandsubscribers.Ourjobindefendingagainstthethreatstomobi1.eiswhatIca1.1.theJanusproWem,.WearerequiredIoboth1.ookbackata1.1.th1.egacysystemsthatweneedfoprotectagainsto1.dandnew
13、attacks,buta1.sofo100kforwardandprotectnew5Gnetworksthatarebeingdep1.oyed,wi1.ethinkingaboutWhaifuturenetworksecurity1.ooks1.ikeandwhatattackswemayface.Akeyareaoffocusthisyearforuswasaddressingcommercia1.spywarevectors,whichoftenuseacombinationofo1.dandnewtechno1.ogies.Wewi1.1.continuetoidentifythet
14、echniques,tacticsandproceduresofthesethreatactorsinordertomokethemobi1.enetworkohosti1.eenvironmentforthemtooperatewithin.Thereisonincreasingrecognitionoftheimportanceofmobi1.ete1.ecomssecurityinprotectingcritica1.systemsandtheconsequencesoffaureforindividuatethroughtobusinesses.Thesecurityactionsth
15、atwe,vetakenasanindustryandtherecommendationsthatwehavedeve1.opedarebothmirroredin,andinformcybersecuritypo1.icydeve1.opmentbygovernmentsoroundthewor1.d.Thereisabroadcommitmentbyoi1.tomeetthecha1.1.engesfaced,butitisa1.sogettingmoreonerousforbusinesseswhomaynothavetheresourcestofixa1.1.themanyissues
16、,particu1.ar1.ywith1.egacytechno1.ogies.Thiscanseemanimpossib1.echa1.1.enge,howevertheseprobtemswi1.1.notgoawayandthereisnohidingfromattack-theymustbeaddressed.TheGSMAFraudandSecurityGroup(FASG)Imunityofexpertsinmobi1.etechno1.ogiesthotconhe1.pyourcompany,sop1.easejoinUSandgetinvo1.ved.IDavidRogersMBEChai