According to monitoring results from Positive Technologies, attackers monitor subscribers, intercept calls, bypass tariff systems, and block users.
A single large operator with a subscriber base of several tens of millions of people faces more than 4,000 cyberattacks every day. According to the results of the research (PDF), 100% of attacks aimed at intercepting SMS messages succeed. The theft of single-use codes transmitted this way can lead to the compromise of RB systems, mobile banks, online shops, government service portals and many other services. One example of such an attack occurred in 2017, when SMS messages sent to subscribers of a German mobile operator were intercepted and money was stolen from users' bank accounts as a result.
Another type of attack, denial of service, poses a threat to Internet of Things devices. Today, mobile networks connect not only individual user devices but also smart city infrastructure, modern industrial enterprises, transport, energy and other companies.
Fraud against the operator or its subscribers is also a serious concern. An essential part of these attacks was the unauthorized sending of USSD requests (81%). Such requests make it possible to transfer money from a subscriber's account, sign a subscriber up for an expensive service, or send a phishing message on behalf of a trusted service.
The security of mobile networks is still at a low level, as evidenced by the results of the security analysis of SS7 networks presented in the first part of the report. The sample included data from the 24 most informative projects carried out in 2016-2017 in the networks of operators in Europe (including Russia) and the Middle East, half of which have a subscriber base of more than 40 million people.
In almost every network, it is possible to listen to a subscriber's conversations or read incoming SMS messages, and fraudulent operations can be carried out successfully in 78% of networks. All networks contain dangerous vulnerabilities that make it possible to disrupt the availability of services for subscribers.