The Ongoing Cyberwar Between Security And Hackers

By Michael Luciano | April 21, 2017

One of the greatest parts about attending Inform[ED] was being introduced to the different perspectives and aspects that go into cybersecurity. You realize very quickly how cybersecurity isn’t as simple as firewalls and computer viruses, but is truly an ongoing evolutionary battle between cybercriminals and security entities that are fighting to get one step ahead of the other. One of the panel speakers I was fortunate to interview was Brian Rexroad, Vice President of security platforms at AT&T. Mr. Rexroad took some time and offered his insight on the techniques cybersecurity firms use to detect impending or active threats, how they manage around “gray areas” involving customer privacy, and more.

WDD: From your experiences, what (if any) are some of the early recognizable signs of an attempted or impending large-scale network attack (think Mirai, Ukraine, Finland incidents)?

Rexroad: The early indications we try to pick up on for something like Mirai (which propagates by scanning for targetable devices) involve trying to find, in the flow activity of the network, characteristics that point to devices scanning the Internet for vulnerabilities. We’ll try to determine if the reasons another device is scanning an Internet network are legitimate, since there are multiple companies that scan for security, consumer, and other service-related purposes. Statistically speaking, when you start to see increases in the number of sources that are doing scanning with particular patterns, it’s probably an indication that a botnet is building up. So that’s what we try to look for, which is a network-level indicator.

There are other ways to build botnets. You can use search engine services like Google to research devices that have specific vulnerabilities rather than search the Internet for them. We also try to look for characteristics or behaviors that are coming from something we’ve identified as a building botnet. The most obvious ones are indications of DDoS attacks, which you can see in a network’s behavioral activities. We have tooling to be able to detect anomalies on the network. For something like DDoS attacks, we use Arbor Networks, which we’ve equipped to analyze full data and use to the extent of the capabilities they have. We’ve supplemented that with some of our own capabilities we’ve built from the ground up, like an internally developed platform we use to try and find early indications of security-related events.

WDD: What different approaches do ISPs make in mitigating and preventing cyberattacks on IoT devices compared to conventional desktop/laptop computers?

Rexroad: I tend to go back and determine what defines an IoT device. I like to make a distinction more in terms of the problems it (the IoT device) creates or solves from a networking point of view, and to what extent they’ve taken security into account. A really problematic IoT device is one that gets flooded out into the market without updating capabilities, one that you plug into the network and that has a default password that could easily be compromised, and that also uses universal plug-and-play to expose itself to the Internet because it’s convenient. The categories you put these IoT devices into really make a big difference. When we see a customer with a problem, for example, we try to give them helpful information. Part of the problem with some of these devices winds up being that the device shouldn’t be connected to the network in the first place.

WDD: In the ISP field with AT&T, what are some particular types of malware and cyberattacks you look out for that aren’t necessarily a threat in other industry fields?

Rexroad: I don’t know if I really have a clear answer to this question, but I will start by saying that AT&T’s branches and services expand beyond ISP. The first order of business for anything we provide is to make sure the infrastructure supporting those services has good integrity from a security standpoint. We try to provide a quality service, and what things might impact the service we provide to customers is something we determine. The first thing that comes to mind is something that might clog the network and have a derogatory impact on customers. How that manifests in a mobility environment might not be the same as how it manifests in the Internet backbone environment.

We focus on these factors because if we have customers that are impacted by attacks like Mirai or DDoS, it’s more than likely going to have an impact on their status as a subscriber to our service, and misconstrue their experience and opinion of the company. We’re clearly motivated to do things that are right by our customers. From a global perspective, we have programs like ThreatTrack, which enables us to share information on what we know about some of these things (cyber threats) that are developing with people who have an interest or opportunity to try and do something about that. We’ll even share some of our information (to a certain extent because of customer privacy laws) with law enforcement agencies like the FBI, who in turn will look into looming threats we perceive as concerning like they did with the Mirai incident.

WDD: How do you navigate through some of the “gray areas” where security conflicts with instances like privacy issues for customers?

Rexroad: The first thing we try to do is minimize how invasive our analyses are. Most of our analysis reviews the flow level in the network, which looks at a detailed record of the source and destination addresses, port, protocol, a count of how many bytes and packets are conveyed, along with the times these transactions start and end. Our analytical methods contain some information about the fact that a transaction occurred, but it doesn’t give you any content associated with those transactions. Doing that level of flow analysis reveals behavioral patterns in the network. Those are good starting points for being able to analyze any anomalies and use that as a means to help direct efforts to very specific areas where activity looks suspicious. The second is that a lot of data is collected exclusively and specifically for security analysis. It’s a matter of making sure what we’re doing is for the good of the customers.
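As an added illustration (not from the interview, and not AT&T's tooling) of the flow-level indicator Rexroad describes in the first answer and here: the records carry only addresses, port/protocol, packet and byte counts and timing, no content, yet a jump in the number of distinct sources sending probe-sized flows to many hosts on one port is exactly the "botnet building up" signal. The CSV layout, thresholds and sample flow records are constructed assumptions.

```python
from collections import defaultdict, namedtuple

# Flow record: only metadata, no payload (constructed CSV layout for this example)
Flow = namedtuple("Flow", "start src dst proto dport packets octets")

def parse_flows(lines):
    """Parse CSV flow records: start,src,dst,proto,dport,packets,bytes."""
    flows = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        start, src, dst, proto, dport, pkts, octets = line.split(",")
        flows.append(Flow(int(start), src, dst, proto, int(dport), int(pkts), int(octets)))
    return flows

def scanning_sources(flows, window=60, min_targets=8, max_packets=2):
    """Per time window, the sources that sent probe-sized flows (<= max_packets)
    to at least min_targets distinct destinations on a single port."""
    targets = defaultdict(set)                 # (window, src, dport) -> {dst}
    for f in flows:
        if f.packets <= max_packets:
            targets[(f.start - f.start % window, f.src, f.dport)].add(f.dst)
    per_window = defaultdict(set)
    for (w, src, _dport), dsts in targets.items():
        if len(dsts) >= min_targets:
            per_window[w].add(src)
    return dict(per_window)

def botnet_buildup(per_window, ratio=3.0):
    """Windows where the count of scanning sources jumped >= ratio x the previous window."""
    alerts, prev = [], None
    for w in sorted(per_window):
        n = len(per_window[w])
        if prev and n >= ratio * prev:
            alerts.append(w)
        prev = n
    return alerts

# Constructed sample: one Telnet prober in window 0, three in window 60, plus benign HTTPS.
SAMPLE = ["# start,src,dst,proto,dport,packets,bytes"]
for w, srcs in ((0, ["198.51.100.7"]), (60, ["198.51.100.7", "203.0.113.4", "203.0.113.9"])):
    for src in srcs:
        SAMPLE += [f"{w + i},{src},192.0.2.{i + 1},tcp,23,1,60" for i in range(8)]
SAMPLE += ["5,192.0.2.50,198.51.100.200,tcp,443,400,300000",
           "65,192.0.2.51,198.51.100.200,tcp,443,520,410000"]

if __name__ == "__main__":
    print(botnet_buildup(scanning_sources(parse_flows(SAMPLE))))   # [60]
```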

WDD: Considering how the methodology of cybercriminals continuously evolves, what are some previously-effective cybersecurity defenses and methods that new cybercriminal evolution has made irrelevant or obsolete?

Rexroad: One of the things I’m very thankful for is when Microsoft went from voluntary to automatic updates. If you look at the big security issues back in the early to mid 2000s, they all trace back to Windows computers. Not because they were the only ones around (they were predominant but not the exclusive model), but because Microsoft reverted to automatic software updates. You have to basically change the configuration so you will give it (the computer) permission to do updates. That has made a tremendous improvement in the security of computers. That’s why I keep emphasizing you won’t be able to anticipate what all the problems are on these IoT devices, but if you can change and fix them upon discovery, you can move on in a happier way.
