Security of Wireless and Mobile Networks
Mohamed Hamdi
Course Agenda
● Chapter 1: Attacks on Wireless and Mobile Networks
● Chapter 2: Physical Security for Wireless and Mobile Networks
● Chapter 3: Privacy-preserving Security Schemes for Wireless and Mobile Networks
● Chapter 4: Trust Models for Wireless and Mobile Networks
● Chapter 5: Security Assurance Schemes for Wireless and Mobile Networks
Chapter 1: Attacks on Wireless and Mobile Networks
Section 1.1: Anatomy of Cybersecurity Attacks
Attack trends
Evolution of the threat landscape
● The landscape of cyber attacks has transformed
significantly between 2014 and 2024, shaped by:
– advancements in technology,
– the increasing sophistication of attackers, and
– evolving geopolitical tensions.
2014-2016: The Rise of Ransomware and State-Sponsored Attacks
● Ransomware Emergence:
• Ransomware attacks began to gain traction, with notable
incidents like the CryptoLocker outbreak in 2013 leading to a
surge in similar attacks. By 2016, ransomware had become a
major threat, targeting both individuals and organizations.
● State-Sponsored Attacks:
• The Sony Pictures hack in late 2014, attributed to North
Korean hackers, marked a significant escalation in
state-sponsored cyber warfare, demonstrating the potential for
cyber attacks to have geopolitical implications.
2017-2019: Increased Sophistication and Targeting
● WannaCry and NotPetya:
• In 2017, the WannaCry ransomware attack affected hundreds
of thousands of computers worldwide, exploiting
vulnerabilities in Windows. Following this, the NotPetya attack
in 2017 targeted Ukrainian infrastructure but quickly spread
globally, causing billions in damages.
● Supply Chain Attacks:
• The SolarWinds attack in 2020 revealed vulnerabilities in
software supply chains, where attackers compromised widely
used software to infiltrate numerous organizations, including
U.S. government agencies.
2020-2022: Expansion of Attack Vectors
● DDoS Attacks:
• The frequency and scale of Distributed Denial of Service
(DDoS) attacks increased dramatically. For instance, a
record-breaking DDoS attack on Google was reported in
October 2020, reaching unprecedented bandwidth levels.
● Exploitation of Remote Work:
• The COVID-19 pandemic accelerated the adoption of remote
work, leading to increased phishing attacks and exploitation of
unsecured home networks. Cybercriminals targeted remote
access tools and VPNs used by businesses.
2023: New Frontiers and AI Integration
● Generative AI Threats:
• The use of generative AI for crafting sophisticated phishing
scams emerged as a new challenge. Cybercriminals began
utilizing AI-generated deepfakes for social engineering
attacks.
● Double and Triple Extortion Ransomware:
• Attackers increasingly employed double extortion tactics:
encrypting data while also threatening to leak sensitive
information. This trend saw a rise from 40% in 2019 to 77%
by 2022.
2024: Current Trends and Future Directions
● State-Sponsored Cyber Warfare:
• Ongoing geopolitical conflicts have intensified
state-sponsored cyber activities. Multiple countries have been
implicated in various cyber espionage campaigns targeting
critical infrastructure and government entities across the
globe.
● Cloud Security Vulnerabilities:
• As organizations continue to migrate to cloud services,
vulnerabilities associated with cloud security have become
more pronounced. Attacks exploiting these weaknesses are
expected to rise.
● Insider Threats and BYOD Challenges:
• With the increase in remote work and BYOD (Bring Your Own
Device) policies, insider threats—both malicious and
accidental—are becoming a significant concern for
organizations.
Section 1.2: Case Studies
Kyivstar Attack (December 2023)
● Location: Ukraine
● Impact: Over 24 million customers lost mobile services
for 48 hours.
● Details:
• Hackers wiped thousands of virtual servers and PCs,
destroying critical infrastructure.
• The attack also disrupted essential services like air raid
sirens and banking systems.
• It was reported that attackers had access to Kyivstar's
systems for several months prior to the incident, allowing
them to steal sensitive information before executing the
wipe.
T-Mobile Breach (October 2024)
● Location: United States
● Impact: Considered the "worst telecom hack in U.S. history."
● Details:
• Chinese hackers, identified as part of the Salt Typhoon
group, accessed customer call records, potentially listening
to calls and reading text messages.
• The breach raised alarms about national security and
highlighted vulnerabilities in the telecommunications
infrastructure across multiple major providers, including
AT&T and Verizon.
AT&T Metadata Breach (April 2024)
● Location: United States
● Impact: Metadata of approximately 109 million
customers leaked.
● Details:
• A breach of AT&T’s Snowflake cloud workspace led to the
exfiltration of call and text metadata, including phone
numbers and cell tower identification numbers.
• This incident raised concerns about privacy and the
potential for geolocation tracking of customers.
Orange España Disruption (January 2024)
● Location: Spain
● Impact: Significant degradation of mobile browsing
services.
● Details:
• A malicious actor accessed critical network configuration
systems due to an employee's infected computer, leading to
a disruption in internet traffic routing for about three hours.
Mint Mobile Data Breach (December 2023)
● Location: United States
● Impact: Personal data exposure of customers.
● Details:
• The breach revealed sensitive customer
information, including SIM and IMEI numbers,
which could facilitate SIM swap attacks—allowing
attackers to hijack phone numbers for malicious
purposes.
Section 1.3: Security, Trust, and Assurance
Security vs Trust vs Assurance
(Cambridge Dictionary of English)
● Security
● Trust
● Assurance
Examples
● Firewall
● Intrusion Detection and Prevention System
● SOC
● PKI
● Blockchain
● Common Criteria