On the verge of fraud
positive-tech.com
Who I am
• Gained a Ph.D. in Telecommunication in 2007
• Worked 12 years for a leading messaging company
• Points of interest:
  • Messaging, VAS,
  • Spam, Flood and Fraud,
  • Support, R&D
• Working for Positive Technologies since 2019
Signaling System 7 (SS7) security report
Vulnerabilities of mobile Internet (GPRS)
2014 2016
Primary security threats to SS7 cellular networks
2017
Threats to packet core security of 4G network
Next-generation networks, next-level cybersecurity problems (Diameter vulnerabilities)
2018
Diameter vulnerabilities exposure report
2019
5G security analytics
Who we are
BANKING, ERP, ICS, WEB, TELECOM
Positive Technologies is a company with over 17 years of vulnerability assessment expertise and named a visionary company by Gartner.
In 2018 Positive Technologies was named a Leading Signaling Firewall Vendor, by Rocco Research, with our threat detection and response champion PT Telecom Attack Discovery.
THE LEADING SIGNALLING FIREWALL VENDORS OF 2018
• 900+ people worldwide and expanding
• 10 countries, Global Presence
• 17 years practical experience
What we do
Competences:
• Identification of threats and possible attack scenarios in companies of any business sphere
• Global cybersecurity research
• Wide range of products and services portfolio: corporate, ICS, telecom, financial, media, retail, government
• National scale sports and government cybersecurity service provider
Worldwide leadership
Web, Banking, ERP, Telecom, IoT, ICS
More IT technologies penetrate into other segments
SMS Fraud
SMS Fraud is an intentional deception to secure unfair or unlawful gain
Spam, Flood, Spoof, Phishing, Fraud, Roaming
Ways to start
Ways to start are sometimes much more available than it seems to be
• Grey routes
• Signalling fraud
• SIM farms
Detection techniques
• Conventional
• Adaptive
Conventional techniques ...
Volumetric rules, Manual intervention, Keyword filters
• Sender volume or rate limitation against anti-flood
• Content volume or rate limitation using fixed fingerprint
• Keyword or phrase filters
• Signature filters using regular expressions
• Sender blacklist
Conventional techniques ... easy to avoid
• Spread Sender over multiple numbers using SIM farm, Applications or Botnets
• Campaign text variation
• Homograph variation
• URI camouflaging
• Campaign switching
Sender rate filter, Sender volume filter, Exact match filter, Content rate filter, Content volume filter, Keyword filter
Campaign text variation
• "Do you wanna feel and taste real Jakarta massage? Call me now 088005557240 xxbz"
• "Do you wanna feel and taste real Jakarta massage? Call me now 088005557240 xxaz"
Homograph variation
• GET REPL1CA R0LEX W4TCH  GET REPLIСA ROLEX WАTCH 434845D09050205245504C49D0A14120524
• GET REPLICA ROLEX WATCH  GET REPLICA ROLEX WATCH 43484541 50205245504C4943
URI camouflaging
• http://bit.ly/1dNVPAW http://www.harmful_link.com/some_spam.html
• http://bit.ly/1ArcpRU http://www.harmful_link.com/some_spam.html
• http://bit.ly/1C0crhE http://www.harmful_link.com/some_spam.html
Campaign switching
• Once caught, move to another campaign
Let's group the campaigns
Text variant / Text similarity
"URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd attempt to contact YOU! Register with ref code BIXDFQU at www.goo.gl/1C0crhE"
100%
"URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd attempt to contact YOU. Register now with ref code BIXDFQU at www.goo.gl/1C0crhE"
90%
"URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd attempt to contact YOU! Register now with ref code AHMTSLI at www.goo.gl/1C0crhE"
80%
"URGENT: Your Mobile Nr 08705482542 was awarded an $100 Bonus Caller today. This is our 2nd attempt to contact YOU. Register now with raf code CIXDFQU at www.goo.gl/1C0crhE"
70%
"Attention! Your Mobile Number 08705482542 was awarded a $100 Bonus today! We made 2 attempts to contact YOU! Please register at www.goo.gl/1C0crhE with the reference code AHMTSLI"
40%
"URGENT! We are trying to contact U.Todays draw shows that you have won a $100 prize GUARANTEED. Call 090 5809 4507 from land line. Claim 3030. Valid 12hrs only"
20%
BASE
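The grouping idea from this slide, as an added example that is not part of the original deck: messages are normalised against the evasions listed earlier (homographs, link swapping, number and text variation) and then grouped by token similarity to a base message. The confusables table, the 0.5 threshold and the use of difflib are assumptions, and the scores it produces are not the illustrative percentages shown on the slide.

```python
import hashlib
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed look-alike table (not exhaustive): Cyrillic capitals and the digit
# substitutions seen in the slide's REPLICA ROLEX sample, folded to Latin capitals.
CONFUSABLES = str.maketrans({
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X", "0": "O", "1": "I", "4": "A",
})
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.IGNORECASE)
NUM_RE = re.compile(r"\d[\d ]{6,}\d")   # phone-like digit runs, spaces allowed
TOKEN_RE = re.compile(r"<URL>|<NUM>|\w+")


def tokens(text):
    """Normalise a message so cosmetic variation no longer changes its tokens."""
    text = unicodedata.normalize("NFKC", text)
    text = URL_RE.sub(" <URL> ", text)   # every link looks the same (URI camouflaging)
    text = NUM_RE.sub(" <NUM> ", text)   # mask numbers before digits are folded
    text = text.upper().translate(CONFUSABLES)
    return TOKEN_RE.findall(text)


def exact_fingerprint(text):
    """Conventional fixed fingerprint: hash of the raw message text."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def normalized_fingerprint(text):
    """Fingerprint of the normalised token stream instead of the raw text."""
    return hashlib.sha256(" ".join(tokens(text)).encode("utf-8")).hexdigest()


def similarity(a, b):
    """Token-level similarity in [0, 1] between two messages."""
    return SequenceMatcher(None, tokens(a), tokens(b), autojunk=False).ratio()


def group_campaigns(messages, threshold=0.5):
    """Greedy grouping: join the first group whose base message is similar enough."""
    groups = []
    for msg in messages:
        for group in groups:
            if similarity(group[0], msg) >= threshold:
                group.append(msg)
                break
        else:
            groups.append([msg])
    return groups


# Sample texts taken from the slides; VARIANTS[0] is the base message.
VARIANTS = [
    "URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd "
    "attempt to contact YOU! Register with ref code BIXDFQU at www.goo.gl/1C0crhE",
    "URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd "
    "attempt to contact YOU. Register now with ref code BIXDFQU at www.goo.gl/1C0crhE",
    "URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd "
    "attempt to contact YOU! Register now with ref code AHMTSLI at www.goo.gl/1C0crhE",
    "URGENT: Your Mobile Nr 08705482542 was awarded an $100 Bonus Caller today. This is our "
    "2nd attempt to contact YOU. Register now with raf code CIXDFQU at www.goo.gl/1C0crhE",
    "Attention! Your Mobile Number 08705482542 was awarded a $100 Bonus today! We made 2 "
    "attempts to contact YOU! Please register at www.goo.gl/1C0crhE with the reference "
    "code AHMTSLI",
    "URGENT! We are trying to contact U.Todays draw shows that you have won a $100 prize "
    "GUARANTEED. Call 090 5809 4507 from land line. Claim 3030. Valid 12hrs only",
]
HOMO_LEET = "GET REPL1CA R0LEX W4TCH"
HOMO_CYR = "GET REPLI\u0421A ROLEX W\u0410TCH"   # Cyrillic letters in place of C and A
JAKARTA_A = '"Do you wanna feel and taste real Jakarta massage? Call me now 088005557240 xxbz"'
JAKARTA_B = '"Do you wanna feel and taste real Jakarta massage? Call me now 088005557240 xxaz"'

if __name__ == "__main__":
    for variant in VARIANTS:
        print(f"{similarity(VARIANTS[0], variant):.2f}  {variant[:50]}")
    print([len(group) for group in group_campaigns(VARIANTS)])
```

An exact-match fingerprint sees the two homograph samples as different messages, while the normalised fingerprint makes them identical.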
Finding the verge
[Figure: Traffic distribution. Axes: MSG/DAY and BURST FOR 300 S WINDOW. Regions: Human behaviour, Anti Flood match, Spam detection. Labels: Max. Daily limit, Bursting SIM farms, Constant rate SIM farms, Const rate limit, Burst rate limit.]
Being smart
• Find the fastest rate possible before it gets blocked by any anti-flood solution
• Loop to verify the message has been accepted and delivered
• Distinguish between human and robot
Rate checker, Canary account, Social diagram
Adaptive techniques
• Combine all together
• All is triggered by Volumetric
• Focus on Originated address
• Focus on Fingerprint of the message
• Focus on URL in the message content
• Focus on Phone number in the message content
• Temporary or permanent ban
• Repeating suspicious pattern in one or more filters leads to blocking of the message
SMS firewall position
SMS layer
• FW is triggered by SMS-C via SMPP or Diameter
• SMS-C already spent some resources
• SMS-C may be overloaded by huge incoming traffic
• Even traffic that is supposed to be dropped has consumed licenses and network resources
Signalling layer
• FW receives the traffic by STP overlay or FrontEnd proxy
• Any suspicious traffic is dropped on the border (STP)
• SMS-C is not abused by detected/blocked spam
NxFW approach
[Diagram: SS7 Signaling Network; MNO Home Signaling Network; STP-1; SS7 links; M3UA; IPSP-1 | SMS FW-1; IPSP-1 | SMS FW-2; One SS7 OPC; M3UA Application Server]
Further SMS analysis
Attack name: Attack description
1. Inconsistent SMS source: Sources of the SendRoutingInfoForSM and ForwardSM signaling messages related to the same short message are different. This indicates an attempt to bypass an inter-operator charging system.
2. ForwardSM (open SMS-C): A short message of an outbound roamer was sent to an open SMS-C instead of the home one in order to bypass short message charging in roaming.
3. ForwardSM (incorrect OA format): A mobile originating SMS was sent with an incorrect address format of the SMS-C or MSISDN parameters in order to fool an inter-operator charging system.
4. ForwardSM (Home SMS-C spoofing): A mobile terminating SMS was sent with a spoofed SMS-C address by an address from the System owner range in order to bypass an inter-operator charging system.
5. ForwardSM (foreign SMS-C spoofing): A mobile terminating SMS was sent with a spoofed SMS-C address by an address from a foreign range in order to bypass an inter-operator charging system.
6. ForwardSM (A2P SMS): A mobile terminating SMS from an external connection contains a TP-originating-address in Alphanumeric format in order to bypass charging of the A2P SMS traffic.
7. Spoofed MO SMS sender: In MO-ForwardSM, the SCCP CgPA does not correspond to the address of a node where the subscriber is registered. This can be an attempt to spoof the SMS sender address.
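Checks 1, 4, 6 and 7 of the table above, run over already-decoded signalling records, as an added example that is not Positive Technologies' code. The record layout, the home number range, the 30-second correlation window and every address in the sample data are constructed assumptions.

```python
HOME_PREFIX = "99900"       # constructed: number range of the network owner
TON_ALPHANUMERIC = 0b101    # type-of-number bits in a TP-OA type-of-address octet
SRI_WINDOW = 30             # assumed: seconds a SendRoutingInfoForSM stays correlatable


def analyse(records, registered_at):
    """Apply checks 1, 4, 6 and 7; return (timestamp, attack name) pairs."""
    findings = []
    last_sri = {}  # IMSI -> (timestamp, SCCP CgPA) of the latest SendRoutingInfoForSM
    for r in sorted(records, key=lambda rec: rec["ts"]):
        if r["op"] == "SRI_SM":
            last_sri[r["imsi"]] = (r["ts"], r["cgpa"])
        elif r["op"] == "MT_FSM":
            sri = last_sri.get(r["imsi"])
            # 1: routing query and delivery for the same message have different sources.
            if sri and r["ts"] - sri[0] <= SRI_WINDOW and sri[1] != r["cgpa"]:
                findings.append((r["ts"], "Inconsistent SMS source"))
            if r["external"]:
                # 4: external traffic claims an SMS-C address from the home range.
                if r["smsc"].startswith(HOME_PREFIX):
                    findings.append((r["ts"], "ForwardSM (Home SMS-C spoofing)"))
                # 6: alphanumeric TP-originating-address on an external connection.
                if ((r["tp_oa_toa"] >> 4) & 0b111) == TON_ALPHANUMERIC:
                    findings.append((r["ts"], "ForwardSM (A2P SMS)"))
        elif r["op"] == "MO_FSM":
            # 7: SCCP CgPA is not the node where the sending subscriber is registered.
            if registered_at.get(r["sender"]) != r["cgpa"]:
                findings.append((r["ts"], "Spoofed MO SMS sender"))
    return findings


# Constructed sample data: subscriber registrations and decoded signalling records.
REGISTERED_AT = {"99900123001": "99900110001"}   # MSISDN -> serving node address
SAMPLE_RECORDS = [
    {"ts": 0, "op": "SRI_SM", "cgpa": "88800100001", "imsi": "001010000000001"},
    {"ts": 2, "op": "MT_FSM", "cgpa": "88800100001", "imsi": "001010000000001",
     "external": True, "smsc": "88800100001", "tp_oa_toa": 0x91},
    {"ts": 10, "op": "SRI_SM", "cgpa": "88800100001", "imsi": "001010000000002"},
    {"ts": 12, "op": "MT_FSM", "cgpa": "77700200002", "imsi": "001010000000002",
     "external": True, "smsc": "88800100001", "tp_oa_toa": 0x91},
    {"ts": 20, "op": "MT_FSM", "cgpa": "66600300003", "imsi": "001010000000003",
     "external": True, "smsc": "99900550001", "tp_oa_toa": 0x91},
    {"ts": 30, "op": "SRI_SM", "cgpa": "55500400004", "imsi": "001010000000004"},
    {"ts": 31, "op": "MT_FSM", "cgpa": "55500400004", "imsi": "001010000000004",
     "external": True, "smsc": "55500400004", "tp_oa_toa": 0xD0},
    {"ts": 40, "op": "MO_FSM", "cgpa": "99900110001", "sender": "99900123001"},
    {"ts": 41, "op": "MO_FSM", "cgpa": "44400500005", "sender": "99900123001"},
]

if __name__ == "__main__":
    for ts, name in analyse(SAMPLE_RECORDS, REGISTERED_AT):
        print(ts, name)
```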
Delivering Security
Audit: Auditing provides essential visibility to fully understand your ever-changing network risks.
Monitor: Non-stop real-time detecting is essential for verifying the effectiveness of network security and supporting rapid detection and mitigation.
Protect: Completely secure your network by addressing both generic vulnerabilities and the threats that actually affect you as part of an ongoing process.
by Positive Technologies
Thank you
Milan Březina
Pre-Sales engineer
Milan.Brezina@positive-tech.com
@positive-tech Positive Technologies

AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

On the verge of fraud

  • 1. On the verge of fraud positive-tech.com
  • 2. Who I am: Gained a Ph.D. in Telecommunication in 2007; Worked 12 years for a leading messaging company; Points of interest: Messaging, VAS, Spam, Flood and Fraud, Support, R&D; Working for Positive Technologies since 2019. Timeline (2014, 2016, 2017, 2018, 2019): Signaling System 7 (SS7) security report; Vulnerabilities of mobile Internet (GPRS); Primary security threats to SS7 cellular networks; Threats to packet core security of 4G network; Next-generation networks, next-level cybersecurity problems (Diameter vulnerabilities); Diameter vulnerabilities exposure report; 5G security analytics
  • 3. Who we are: BANKING, ERP, ICS, WEB, TELECOM. Positive Technologies is a company with over 17 years of vulnerability assessment expertise and named a visionary company by Gartner. In 2018 Positive Technologies was named a Leading Signaling Firewall Vendor by Rocco Research, with our threat detection and response champion PT Telecom Attack Discovery. THE LEADING SIGNALLING FIREWALL VENDORS OF 2018. 900+ people worldwide and expanding; 10 countries, global presence; 17 years of practical experience
  • 4. What we do. Competences: Identification of threats and possible attack scenarios in companies of any business sphere; Global cybersecurity research; Wide range of products and services portfolio: corporate, ICS, telecom, financial, media, retail, government; National scale sports and government cybersecurity service provider. Worldwide leadership. More IT technologies penetrate into other segments: Web, Banking, ERP, Telecom, IoT, ICS
  • 5. SMS Fraud is an intentional deception to secure unfair or unlawful gain. Spam, Flood, Spoof, Phishing, Fraud, Roaming
  • 6. Ways to start are sometimes much more available than it seems to be. Ways to start: Grey routes; Signalling fraud; SIM farms
  • 8. Conventional techniques ... Volumetric rules; Manual intervention; Keyword filters. Sender volume or rate limitation against anti-flood; Content volume or rate limitation using fixed fingerprint; Keyword or phrase filters; Signature filters using regular expressions; Sender blacklist
  • 9. Conventional techniques ... Spread Sender over multiple numbers using SIM farm, Applications or Botnets; Campaign text variation; Homograph variation; URI camouflaging; Campaign switching. Filters: Sender rate filter; Sender volume filter; Exact match filter; Content rate filter; Content volume filter; Keyword filter
  • 10. ...easy to avoid
      Campaign text variation: "Do you wanna feel and taste real Jakarta massage? Call me now 088005557240 xxaz" / "Do you wanna feel and taste real Jakarta massage? Call me now 088005557240 xxbz"
      Homograph variation: GET REPLICA ROLEX WATCH (43484541 50205245504C4943) / GET REPL1CA R0LEX W4TCH / GET REPLIСA ROLEX WАTCH, written with Cyrillic lookalike letters (434845D09050205245504C49D0A14120524)
      URI camouflaging: http://bit.ly/1C0crhE, http://bit.ly/1dNVPAW and http://bit.ly/1ArcpRU each lead to http://www.harmful_link.com/some_spam.html
      Campaign switching: Once caught, move to another campaign
  • 11. Let's group the campaigns (Text variant: Text similarity)
      100% (BASE): "URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd attempt to contact YOU! Register with ref code BIXDFQU at www.goo.gl/1C0crhE"
      90%: "URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd attempt to contact YOU. Register now with ref code BIXDFQU at www.goo.gl/1C0crhE"
      80%: "URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd attempt to contact YOU! Register now with ref code AHMTSLI at www.goo.gl/1C0crhE"
      70%: "URGENT: Your Mobile Nr 08705482542 was awarded an $100 Bonus Caller today. This is our 2nd attempt to contact YOU. Register now with raf code CIXDFQU at www.goo.gl/1C0crhE"
      40%: "Attention! Your Mobile Number 08705482542 was awarded a $100 Bonus today! We made 2 attempts to contact YOU! Please register at www.goo.gl/1C0crhE with the reference code AHMTSLI"
      20%: "URGENT! We are trying to contact U.Todays draw shows that you have won a $100 prize GUARANTEED. Call 090 5809 4507 from land line. Claim 3030. Valid 12hrs only"
  • 12. Finding the verge [Chart: Traffic distribution; axes: burst for 300 s window, msg/day; labels: Human behaviour, Anti Flood match, Spam detection, Max. daily limit, Bursting SIM farms, Constant rate SIM farms, Const rate limit, Burst rate limit]
  • 13. Being smart: Find the fastest possible rate before it gets blocked by any anti-flood solution; Loop to verify the message has been accepted and delivered; Distinguish between human and robot. Rate checker; Canary account; Social diagram
  • 14. Adaptive techniques: Combine all together; All is triggered by Volumetric; Focus on Originated address; Focus on Fingerprint of the message; Focus on URL in the message content; Focus on Phone number in the message content; Temporary or permanent ban; Repeating suspicious pattern in one or more filters leads to blocking of the message
  • 15. SMS firewall position. SMS layer: FW is triggered by SMS-C via SMPP or Diameter; SMS-C has already spent some resources; SMS-C may be overloaded by huge incoming traffic; even if the traffic is supposed to be dropped, it has consumed licenses and network resources. Signalling layer: FW receives the traffic by STP overlay or FrontEnd proxy; any suspicious traffic is dropped on the border (STP); SMS-C is not abused by detected/blocked spam
  • 16. NxFW approach [Diagram labels: SS7 Signaling Network; MNO Home Signaling Network; STP-1, STP-1; SS7 links; M3UA; IPSP-1 | SMS FW-1; IPSP-1 | SMS FW-2; One SS7 OPC; M3UA Application Server]
  • 17. Further SMS analysis (Attack name: Attack description)
      1. Inconsistent SMS source: Sources of the SendRoutingInfoForSM and ForwardSM signaling messages related to the same short message are different. This indicates an attempt to bypass an inter-operator charging system.
      2. ForwardSM (open SMS-C): A short message of an outbound roamer was sent to an open SMS-C instead of the home one in order to bypass short message charging in roaming.
      3. ForwardSM (incorrect OA format): A mobile originating SMS was sent with an incorrect address format of the SMS-C or MSISDN parameters in order to fool an inter-operator charging system.
      4. ForwardSM (Home SMS-C spoofing): A mobile terminating SMS was sent with a spoofed SMS-C address by an address from the System owner range in order to bypass an inter-operator charging system.
      5. ForwardSM (foreign SMS-C spoofing): A mobile terminating SMS was sent with a spoofed SMS-C address by an address from a foreign range in order to bypass an inter-operator charging system.
      6. ForwardSM (A2P SMS): A mobile terminating SMS from an external connection contains a TP-originating-address in Alphanumeric format in order to bypass charging of the A2P SMS traffic.
      7. Spoofed MO SMS sender: In MO-ForwardSM, the SCCP CgPA does not correspond to the address of a node where the subscriber is registered. This can be an attempt to spoof the SMS sender address.
  • 18. Delivering Security by Positive Technologies. Audit: Auditing provides essential visibility to fully understand your ever-changing network risks. Monitor: Non-stop real-time detecting is essential for verifying the effectiveness of network security and supporting rapid detection and mitigation. Protect: Completely secure your network by addressing both generic vulnerabilities and the threats that actually affect you as part of an ongoing process.
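
The campaign grouping of slides 10, 11 and 14, as an added example that is not part of the original deck: messages are normalized (homographs, leet digits, URLs, long numbers) and linked to a base message by word-set similarity or by a shared URL. The Jaccard measure, the 0.6 threshold, the lookalike table and all function names are assumptions; the slides do not say how their similarity percentages were computed.

```python
import re
import unicodedata

# Constructed lookalike table (Cyrillic capitals -> Latin); not a full Unicode confusables list.
CONFUSABLES = str.maketrans("\u0410\u0412\u0415\u041a\u041c\u041d\u041e\u0420\u0421\u0422\u0425",
                            "ABEKMHOPCTX")
LEET = str.maketrans("0134", "OIEA")  # only applied to words that mix letters and digits
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

# Sample texts copied from slide 11 (base, "70%", "40%" and "20%" variants).
BASE = ("URGENT! Your Mobile No 08705482542 was awarded a $100 Bonus today! This is our 2nd "
        "attempt to contact YOU! Register with ref code BIXDFQU at www.goo.gl/1C0crhE")
V70 = ("URGENT: Your Mobile Nr 08705482542 was awarded an $100 Bonus Caller today. This is our "
       "2nd attempt to contact YOU. Register now with raf code CIXDFQU at www.goo.gl/1C0crhE")
V40 = ("Attention! Your Mobile Number 08705482542 was awarded a $100 Bonus today! We made 2 "
       "attempts to contact YOU! Please register at www.goo.gl/1C0crhE with the reference code "
       "AHMTSLI")
V20 = ("URGENT! We are trying to contact U.Todays draw shows that you have won a $100 prize "
       "GUARANTEED. Call 090 5809 4507 from land line. Claim 3030. Valid 12hrs only")

def urls(text):
    """URLs found in the message body (exact-string comparison, no redirect resolution)."""
    return set(URL_RE.findall(text))

def tokens(text):
    """Fold homographs, leet digits, URLs and long numbers, then return the set of words."""
    text = unicodedata.normalize("NFKC", text).upper().translate(CONFUSABLES)
    text = re.sub(r"\d{5,}", " NUM ", URL_RE.sub(" URL ", text))
    words = set()
    for tok in re.findall(r"[A-Z0-9]+", text):
        if re.search(r"[A-Z]", tok) and re.search(r"\d", tok):
            tok = tok.translate(LEET)
        words.add(tok)
    return words

def similarity(a, b):
    """Jaccard similarity of the normalized word sets (1.0 means identical wording)."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb) if ta | tb else 0.0

def same_campaign(base, msg, threshold=0.6):
    """Link msg to base when the wording is close enough or both carry the same URL."""
    return similarity(base, msg) >= threshold or bool(urls(base) & urls(msg))
```

The "40%" variant falls below the text threshold but is still linked through the URL it shares with the base, which is the combination of filters slide 14 describes.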
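
Rules 1, 6 and 7 of the slide 17 table expressed as detection logic over signalling events, as an added example that is not Positive Technologies' code. The event layout, field names and every identifier in the sample data are constructed placeholders; each SRI-SM event is assumed to be a completed transaction carrying the requester's SCCP CgPA and the IMSI returned in the response.

```python
# Constructed sample events: "cgpa" is the SCCP calling party address seen at the border.
EVENTS = [
    {"op": "SRI-SM", "cgpa": "SMSC-A", "imsi": "IMSI-1"},
    {"op": "MT-FSM", "cgpa": "SMSC-A", "imsi": "IMSI-1", "external": True, "tp_oa": "numeric"},
    {"op": "SRI-SM", "cgpa": "NODE-X", "imsi": "IMSI-2"},
    {"op": "MT-FSM", "cgpa": "NODE-Y", "imsi": "IMSI-2", "external": True,
     "tp_oa": "alphanumeric"},
    {"op": "MO-FSM", "cgpa": "NODE-Z", "msisdn": "MSISDN-3"},
    {"op": "MO-FSM", "cgpa": "MSC-4", "msisdn": "MSISDN-4"},
]
# Constructed location data: MSISDN -> node where the subscriber is currently registered.
REGISTERED_AT = {"MSISDN-3": "MSC-3", "MSISDN-4": "MSC-4"}

def analyse(events, registered_at):
    """Return (attack name, subscriber) findings for rules 1, 6 and 7 of the table."""
    findings, sri_source = [], {}
    for ev in events:
        if ev["op"] == "SRI-SM":
            # Remember which node asked for routing info for this subscriber.
            sri_source[ev["imsi"]] = ev["cgpa"]
        elif ev["op"] == "MT-FSM":
            asked_by = sri_source.pop(ev["imsi"], None)
            # Rule 1: the ForwardSM comes from a different source than the SRI-SM.
            if asked_by is not None and asked_by != ev["cgpa"]:
                findings.append(("Inconsistent SMS source", ev["imsi"]))
            # Rule 6: alphanumeric TP-originating-address on an external connection.
            if ev.get("external") and ev.get("tp_oa") == "alphanumeric":
                findings.append(("ForwardSM (A2P SMS)", ev["imsi"]))
        elif ev["op"] == "MO-FSM":
            # Rule 7: CgPA is not the node where the sender is registered.
            if registered_at.get(ev["msisdn"]) != ev["cgpa"]:
                findings.append(("Spoofed MO SMS sender", ev["msisdn"]))
    return findings
```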