Securing the Mobile Ecosystem: How the GSMA’s Mobile Threat Intelligence Framework (MoTIF) is Redefining Mobile Security
Digital connectivity is booming. As of 2023, more than 90% of the world’s population is covered by 4G, and almost a third (32%) is covered by 5G. That’s according to data from the GSMA, an organization that represents the interests of mobile network operators and the mobile ecosystem worldwide.
Mobile networks are the linchpin of modern society and the gateway to advanced connectivity use cases in applications like finance and healthcare, but with geopolitical tensions rising and new technologies such as generative AI now surfacing, those networks are increasingly coming under threat. Those threats include the interception of communications, unauthorized access to network infrastructure, identity theft through SIM swapping or device exploitation, and more. Operators are also facing increasingly sophisticated denial of service (DoS) attacks, which disrupt service availability, and man-in-the-middle (MitM) attacks, which can intercept and alter data in transit between users.
These threats are relentless and evolving at pace, and IT security frameworks such as MITRE ATT&CK® and MITRE FiGHT™, while still highly relevant and useful, are struggling to keep up. In response to the growing threat to the mobile ecosystem, the GSMA has launched a new mobile-specific IT security framework known as the Mobile Threat Intelligence Framework (MoTIF). Chaired by Enea VP of Technology, Cathal Mc Daid, and developed within the GSMA’s Fraud and Security Group (FASG) together with other GSMA members, MoTIF addresses a long-standing gap in the mobile telecoms community by providing a structured way to classify and deconstruct adversary tactics and techniques that are unique to mobile environments.
Why is MoTIF needed?
Until now, attack information specific to mobile networks has been fragmented and unstructured, lacking consistent, actionable definitions. This has hindered the effective sharing of important insights within the telecom community, who have had to adapt and use broad frameworks such as MITRE ATT&CK® and MITRE FiGHT™ as best they can. MoTIF has been developed to work alongside and complement these existing frameworks, accelerating the sharing of intelligence to help defenders better understand threats and ultimately build up their defences.
Unlike broader cybersecurity frameworks that may not fully cover the nuances of mobile technology, MoTIF dives deep into the specific tactics, techniques, and procedures (TTPs) that are prevalent in attacks against mobile infrastructure and services. This detailed focus facilitates a more precise and effective response to mobile-specific threats.
It also introduces a structured taxonomy that maps out these threats in a comprehensive manner, allowing for better understanding and communication among network operators, security professionals, and stakeholders within the telecommunications industry. By classifying and describing mobile threats with such granularity, MoTIF ensures that the subtleties of mobile network attacks—ranging from core network exploitation to subscriber identity compromises—are thoroughly documented and accessible for proactive defense measures.
What are the key features of MoTIF?
MoTIF isn’t designed to replace existing IT security frameworks; it’s simply there to provide an added layer of actionable guidance specific to the telecom industry. For instance, it distinctly outlines threats such as “Exploit via Radio Interface,” where adversaries may leverage vulnerabilities within the radio access network (RAN) to initiate attacks, or “IMSI Spoofing,” targeting the International Mobile Subscriber Identity to impersonate users. By providing these explicit categories and taxonomies, MoTIF allows security professionals to quickly understand and identify the nature and mechanism of attacks, which is crucial for rapid response and mitigation.
Beyond classification, MoTIF enhances threat intelligence capabilities by incorporating real-world examples and scenarios into its framework. For instance, in the sub-techniques section, where each main technique is broken down further to showcase specific vectors of attack, MoTIF might list specific techniques such as “Scanning of Exposed APIs” or “Exploitation of Misconfigured Network Gateways,” which offer tangible insights into potential entry points for attackers, rather than simply referring to “Network Discovery” as a general point of vulnerability. This level of detail not only aids in the training and preparedness of security teams but also ensures that preventative measures can be tailored to protect against specific vulnerabilities identified within the framework. What’s more, MoTIF is designed to be dynamic, with the capability to integrate new threats and techniques as they emerge, ensuring the framework remains relevant in the face of rapidly evolving mobile security challenges.
A win for collaboration
The development of MoTIF is a prime example of effective collaboration within the mobile telecoms community – something the industry will need to do more of if it is to overcome the mounting threats it faces. Spearheaded by the GSMA’s Fraud and Security Group and chaired by Cathal Mc Daid of Enea, MoTIF’s creation was a concerted effort that drew on the expertise of various GSMA members who contributed their insights and experience. This collaborative approach not only enriches the framework with a diverse range of perspectives but also fosters a sense of shared responsibility among telecom operators, security vendors, and other industry participants.
As this framework continues to evolve, it promises not only to defend against current threats but also to shape the future of mobile network security by fostering an environment of continuous innovation and shared vigilance.
Enea’s experts and technologies are at the forefront of network security innovation, helping operators, governments, and regulators defend against threats that are constantly evolving. Speak to one of our network security specialists to find out how we can help you establish and maintain robust security in your network.