Mobile Technology Congress 2025: System on a Chip in the Operation Center

The Mobile Technology Congress 2025 held in Barcelona exceeded expectations – a ground-breaking event with 109,000 participants from 205 nations, featuring over 2,900 exhibitors, sponsors, and collaborators presenting a remarkable variety of state-of-the-art subjects, from 5G and IoT to Integrated Security for the AI-guided Tomorrow.

Cisco was in the spotlight, exhibiting a range of innovations: cutting-edge secure connection solutions, showcases of upcoming wireless technologies, and multiple significant media announcements that emphasized its dedication to shaping the landscape of digital communications.

Cisco’s Unified Cisco strategy was prominently showcased, merging networking, security, observability, and Splunk solutions to provide exceptional results. This comprehensive approach shows how customers can attain AI-ready data centers, future-proof workplaces, and digital resilience.

Cisco at MWC 2025: An Innovation Dynamo

In the signature Cisco style, their booth wasn’t merely a space but a center of originality and cooperation. Featured Live Demonstrations included:


Fig. 1: Alberto Torralba, Cisco, Presenting to Alberto Núñez Feijóo, Member of the Congress of Deputies of Spain

Key Takeaways from Previous Occasions

Building on its learnings from Black Hat, NFL Super Bowl, RSA Conference, and others, the team brought the same vigor and technical discipline to MWC 2025. Leveraging the operational excellence honed at those events, the SNOC team blended cutting-edge security tools with real-time network monitoring to guarantee seamless event operations.

The Splunk Cloud served as the data platform, with Add-ons for data intake:


Through these connections, our SOC squad could craft a SNOC dashboard at a CISO level for crucial telemetry from all network and security origins.

Fig. 2: CISO-level SNOC dashboard

There were also dashboards at the SOC Manager level for XDR Incidents, Firewall Events, and DNS Security.

Fig. 3: SOC manager-level dashboard

Furthermore, at this edition of the Mobile Technology Congress in Barcelona, Cisco’s ThousandEyes dashboard played a vital role in ensuring robust network security. Attendees benefited from real-time tracking and insights into network performance, guaranteeing a smooth experience from beginning to end. With the capacity to monitor essential components such as the event portal and login processes, ThousandEyes ensured easy and uninterrupted access to crucial resources for the participants. This detailed visibility and control helped maintain the network’s integrity and dependability throughout the event.

Fig. 7: Cisco ThousandEyes dashboard

Day 1: A Test of Scale

The first day was about managing vast network traffic effortlessly. From just a few staff devices to thousands of devices connecting concurrently, our firewall and network monitoring systems operated without any flaws, handling a substantial traffic load while retaining precise visibility. The robust performance of our Cisco security solutions confirmed that network reliability is non-negotiable, whether in a controlled laboratory setting or amid a dynamic conference.

Fig. 8: Fira Network Security architecture

Day 2: A Russian Threat Attempted to Disrupt the Gathering

Just when it seemed like the only unexpected occurrences at the Mobile Technology Congress 2025 were the cutting-edge technology and impromptu showcases, our firewall logs revealed an unforeseen turn. On the second day, our monitoring surfaced an unusual incident: an elevation of privilege originating from a source in Russia.

Fig. 9: Firewall Management Center (FMC) Intrusion Events


Fig. 10: Firewall Management Center (FMC) Intrusion Events, detailed view

Our expert technician, Jorge Quintero, promptly flagged this as a possible high-risk event: a scenario where a device might be compromised. The logs showed a pattern consistent with C2 communications, prompting an immediate investigation and decisive corrective action. In customary SNOC fashion, we ensured any unwelcome intruder was swiftly dealt with before causing chaos. (It seems even at MWC, cyber foes can’t resist the temptation of the gathering!)

Fig. 11: Firewall Management Center (FMC) Intrusion Event, event packet capture

What truly caught our attention in this IDS incident was a well-crafted plain-text script operating on port 80 through Internet Explorer (yes – it’s still in use).

Fig. 12: Intrusion Event Packet Capture, details

The triggered Snort signature also mapped to two primary MITRE ATT&CK tactics:

  • Initial Access
  • Execution

Fig. 13: Firewall Management Center (FMC) Intrusion Event, MITRE ATT&CK mappings

By utilizing public generative AI tools, the examination of the payload unveiled consistent traces of malevolent behavior — including efforts to detect anti-malware applications (presumably for deletion to ensure continuous access) and potentially escalate privileges further.

Fig. 14: Example from Public Generative AI Application Prompt Response

Ultimately, our suspicions were corroborated (if any doubts existed) by Talos and AlienVault threat intelligence. This IP address (associated with the Russian Federation) had already been noted for malevolent activities.

Fig. 15: Threat Intelligence Information

Day 3: Cryptomining — The Tale of the Good and the Evil

The third day unveiled a fascinating subject — cryptomining. From its modest origins to its current status as a multi-billion-dollar industry, we have observed the evolution of crypto — expanding beyond just digital currency to innovative applications in the fintech sector, encompassing NFTs and more.

Nevertheless, we have also witnessed how this technology has been exploited by malevolent entities, specifically for compromising devices and utilizing computing resources for cryptomining purposes.

Fig. 16: Firewall Management Center (FMC), intrusion event details


Fig. 17: Intrusion event packet capture details

By using public AI tools to decode the plain text, we determined that mining software (XMRig) was making RPC calls to the Monero cryptocurrency network. It’s essential to note that, although suspicious, this could still be a legitimate case of a device running mining software.

Fig. 18: Example from Public Generative AI Application Prompt Response

However, the illicit nature of this activity was once more confirmed through intelligence from Talos and AlienVault. The public IP address used had previously been flagged for involvement in malicious cryptomining operations.

Figure 19: Insights on Threat Intelligence
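
The Day 3 triage described above, as an added example (not code from Cisco or from the original post): it looks for the Stratum JSON-RPC messages an XMRig client sends in a plain-text payload, and escalates from suspicious to malicious only when the destination is flagged by threat intelligence. The payloads, wallet placeholder and IP addresses are constructed, and `FLAGGED_IPS` is a hypothetical stand-in for a Talos or AlienVault lookup.

```python
import json

# Constructed stand-in for a threat-intel lookup (e.g. Talos, AlienVault).
# 203.0.113.0/24 is a documentation range, not a real indicator.
FLAGGED_IPS = {"203.0.113.50"}

def parse_stratum(payload: bytes):
    """Yield JSON-RPC requests from a newline-delimited plain-text payload."""
    for line in payload.splitlines():
        try:
            msg = json.loads(line)
        except ValueError:  # HTTP headers, binary data, truncated capture
            continue
        if isinstance(msg, dict) and "method" in msg:
            yield msg

def is_mining_message(msg: dict) -> bool:
    """Match the Stratum messages an XMRig client sends to a pool."""
    params = msg.get("params")
    if not isinstance(params, dict):
        return False
    if msg["method"] == "login":
        return "xmrig" in str(params.get("agent", "")).lower()
    if msg["method"] == "submit":
        return {"job_id", "nonce", "result"} <= params.keys()
    return False

def classify(payload: bytes, dst_ip: str) -> str:
    """'none', 'suspicious' (mining seen) or 'malicious' (flagged peer)."""
    if not any(is_mining_message(m) for m in parse_stratum(payload)):
        return "none"
    return "malicious" if dst_ip in FLAGGED_IPS else "suspicious"

# Constructed sample payloads (wallet and hashes are placeholders).
LOGIN = (b'{"id":1,"jsonrpc":"2.0","method":"login","params":'
         b'{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"XMRig/0.0.0 (sample)"}}\n')
SUBMIT = (b'{"id":2,"jsonrpc":"2.0","method":"submit","params":'
          b'{"id":"s1","job_id":"j1","nonce":"00000000","result":"00"}}\n')
HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, data, ip in [("login", LOGIN, "203.0.113.50"),
                           ("submit", SUBMIT, "198.51.100.7"),
                           ("http", HTTP, "203.0.113.50")]:
        print(name, ip, classify(data, ip))
```

The "suspicious" result corresponds to the case the post calls out, where a device may be running mining software legitimately; only the reputation match changes the verdict.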

Day 4: Deceleration and Event Recap!

Day 4 witnessed a deceleration in operations, resulting in a day without threats and allowing us ample time to examine and consolidate the complete data set from the event. Here are some key observations from the firewall assessment:

1. EVE (Encrypted Visibility Engine): Setting the stage for encrypted traffic scrutiny.

The Encrypted Visibility Engine (EVE) by Cisco has demonstrated the profound impact of recent innovations. Monitoring at Fira was exclusively conducted using IDS (Intrusion Detection System) for passive analysis. Even without decryption capabilities, we managed to detect threats within encrypted traffic and pinpoint the processes generating these traffic patterns.

Figure 20: Dashboard of Firewall Management Center (FMC) with Encrypted Visibility Engine statistics

2. Event-oriented analysis, fueled by Splunk

The partnership between Cisco and Splunk is a perfect match. Leveraging Cisco’s comprehensive security expertise and diverse portfolio alongside Splunk’s top-notch observability and flexibility enabled us to craft potent, actionable dashboards for easy utilization by the SNOC team.

Below is an overview of the holistic data from the entire event, spanning connection events, file events, intrusion events, and a prioritized list of incidents identified during the conference.

Figure 21: Splunk App for Secure Firewall in Splunk platform

This encompassed DNS security blocks to safeguard attendees on Fira’s Network at MWC from malicious websites. More than 14,400 applications were detected on the MWC network.

Figure 22: Umbrella DNS integrated into Splunk dashboard

Future Outlook

The unexpected incident on Day 2 served as a poignant reminder of a crucial lesson: in today’s interconnected landscape, every innovation must be complemented with stringent security measures. As we assess the achievements of MWC 2025, we are already devising strategies to bolster our threat detection and incident response capabilities, drawing from our experiences at MWC, Black Hat, and NFL.

Cisco’s SNOC Team is dedicated to maintaining an edge, converting challenges into opportunities for innovation and protection. Whether managing tens of thousands of connections or averting a rogue C2 signal, we are prepared to ensure that the digital realm remains as secure as it is brilliant.

While technology took the spotlight, the real heroes at the Security Booth were the committed individuals who brought these demos and operations to life. Sincere gratitude to: Alberto Torralba, Filipe Lopes, Jorge Quintero, Jervis Hui, Nirav Shah, John Cardani-Trollinger, and Emile Antone. Their dedication and expertise ensured flawless execution of every demo, capturing the attention of all attendees. Special thanks to Ivan Padilla Ojeda, our liaison with the network team, facilitating seamless connectivity within the SNOC.

We also extend our gratitude to those who aided in preparing for the SNOC: Ivan Berlinson, Ryan Maclennan, Aditya Sankar, Seyed Khadem, Tony Iacobelli, Dallas Williams, Nicholas Carrieri, and Jessica Oppenheimer.

Concluding Remarks

The Mobile World Congress 2025 not only showcased the upcoming wave of technological advancements but also served as a striking testament to how integrated, resilient security measures can protect even the most dynamic and high-stakes environments. The comparative analysis between Day 1 and Day 2 underscores the importance of staying vigilant, adapting continuously, and enhancing our defense mechanisms.


Thank you for being part of our journey through MWC 2025, and stay tuned for more insights and behind-the-scenes narratives from the event. In the realm of technology, every day is an opportunity for new discoveries!
