How to foil flubots: an operator’s guide
In this article:
Flubots are on the march! In our last post, we took a look at how the telecoms infrastructure is under siege from flubots. Now let’s take a look at what mobile operators can do to protect their networks and customers.
In an ideal world, a silver bullet would take care of all the flubots. In the real world, though, no such bullet exists. As flubots can evolve quickly, operators need to arm themselves, instead, with defenses designed to protect A2P and P2P traffic.
It’s not enough to check URLs or filter out connections that exceed their message quota - flubot attacks are too complex and dynamic. They roam across borders and networks, they disguise themselves, and they’re crafty.
It’s time to layer up
The best way to protect telecom infrastructure and customers? Take a layered approach. Continuous policy upgrades, multiple automated filtering and blocking systems, and a dedicated team of experts to quickly identify and counter new threats.
The first layer of defense is to keep anti-malware policies up-to-date. This is crucial but is not enough to keep the flubots at bay.
Automated content inspection
The second layer of defense is to look at message content for suspicious words or links. If anything seems out of place, block the message instantly.
Automating an inspection process is key for both regulatory and cost reasons. A top-notch solution with multiple algorithms and advanced syntax detection ability can reverse engineer message content and create what’s known as a malware fingerprint.
Once a fingerprint is created, the system can then check global malicious message databases. But, a simple check with a single database still might not be enough because it’ll only capture a fraction of the malicious message.
The final layer of defense
The third layer of defense, installing an anti-spam system or a firewall, does not solve the flubot problem either. Flubot operators can change SMS templates every couple of hours and alter the links in SMS every couple of minutes. As we’ve said, they’re crafty.
The flubot creators, or botmasters, have typically hacked hundreds of legitimate websites, which they then use as redirects. They rotate these websites regularly, so any no-go lists created are quickly out of date and can actually end up blocking legitimate websites.
There’s more though, botmasters like to add random letters as a prefix or postfix, capitalize words, or deliberately misspell words to avoid detection.
To make any headway with flubots, operators need a final layer of defense. A dedicated team of A2P and P2P experts or a managed service with powerful reporting tools to spot suspicious messages and patterns in SMS traffic.
Working with the experts
Once all the layers of defense are in place – you can say goodbye to flubots.
But what if resources are a problem? Not to worry, Sinch can help.
Sinch’s SMS Transformation solution has all the layers of defense covered. How can we be so sure? Well, a trial exercise in September this year with an operator in the Asia-Pacific region saw impressive results. Sinch stopped all flubot attacks before end-users noticed a thing.
Taking on flubots is not something operators could or should do alone; unless they have an entire unit to deal with it. Even then, having an anti-spam or fraud team in-house can be an expensive distraction from core business activity.
Find out how SMS Transformation can help in the fight against flubots and discover how reliable and safe SMS can be when it's done right!