Sponsored Article

Attack on private 5G networks!

Networked security in the age of 5G and IoT (Picture: Klicker/pixelio.de; 273831)

A study from Trend Micro reveals new threats to 4G/5G campus networks. It highlights attack scenarios and protective measures, because 5G brings new threats that enterprises must address. Awareness of critical system vulnerabilities helps companies keep downtime in mind and identify and initiate the necessary countermeasures.

Many companies are in a quandary: on the one hand, they run a smart factory campus network; on the other, they need to know what threats their connected systems face. “The manufacturing industry is at the forefront of IIoT implementation and is gearing up with 5G to be comprehensively connected, as well as increase speed, security and efficiency. But with technological innovation comes new threats to add to the old challenges,” said Udo Schneider, IoT Security Evangelist Europe at Trend Micro. The study presents protective measures and uses best practices to show how smart factories can be secured today and in the future.

Identify key entry points

The Japanese security vendor’s study enumerates the vulnerabilities that cybercriminals can use to compromise 4G/5G core networks:

  • Servers hosting core network services: Attacks target vulnerabilities and weak passwords in standardized commercial off-the-shelf (COTS) servers based on x86 architectures.
  • Virtual machines (VM) or containers: These can also be vulnerable if the latest patches are not applied in a timely manner.
  • Network infrastructure: Appliances are often overlooked during patching cycles.
  • Base stations: These also contain firmware that needs to be updated from time to time.

Once the attacker enters the core network through one of these vulnerabilities, they will attempt to move laterally to intercept and modify network packets. By attacking industrial control systems in smart manufacturing environments, such as the test environment, cybercriminals could steal sensitive data, sabotage production or extort the company.

Eleven attack scenarios make it clear

One of the potentially most damaging attacks targets Microsoft Remote Desktop Protocol (RDP) servers, which are commonly used by IT and field service technicians. The upgrade to 5G does not automatically protect RDP traffic, so attackers can use this access to download malware and ransomware or to hijack industrial control systems directly. RDP 10.0 is the most secure version and may offer some protection against these attacks. However, even here it can be difficult for companies to upgrade.

Recommendations and protective measures

The study makes the following recommendations for protecting 4G/5G campus networks:

  • VPN or IPsec to protect remote communication channels, including to remote sites and base stations.
  • Application-layer encryption (HTTPS, MQTTS, LDAPS, encrypted VNC, RDP version 10.0, and secure industry protocols such as S7COMM-Plus).
  • EDR, XDR or MDR (Detection & Response) to monitor attacks and lateral movement within the campus and the containerized core network.
  • Proper network separation with VLAN or SDN.
  • Timely patching of servers, routers and base stations, if possible.
  • Anomaly detection products, such as Trend Micro Mobile Network Security, that recognize the campus network and provide a robust way to take down unknown device/SIM card pairs.
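
To illustrate the last recommendation, the following added example (not code from the study or from Trend Micro Mobile Network Security) checks attach events against an inventory of permitted device/SIM pairs and reports every pair that is not listed. The log format, the function names and all IMSI/IMEI values are constructed assumptions.

```python
import re

# Permitted pairs, IMSI (SIM) -> IMEI (device). Constructed values.
ALLOWED = {
    "999700000000001": "350000000000011",
    "999700000000002": "350000000000029",
}

# Constructed attach-log lines in a hypothetical format.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z attach imsi=999700000000001 imei=350000000000011
2024-05-01T08:00:07Z attach imsi=999700000000002 imei=350000000000037
2024-05-01T08:01:12Z attach imsi=999700000000009 imei=350000000000011
2024-05-01T08:02:30Z attach imsi=999700000000008 imei=350000000000045
2024-05-01T08:03:00Z attach imsi=99970000000000X imei=350000000000011
"""

LINE_RE = re.compile(r"^(\S+) attach imsi=(\d{15}) imei=(\d{15})$")

def classify(imsi, imei, allowed=ALLOWED):
    """Return 'ok' or the reason the device/SIM pair is not permitted."""
    if allowed.get(imsi) == imei:
        return "ok"
    if imsi in allowed:
        return "known-sim-in-other-device"    # campus SIM moved to another device
    if imei in allowed.values():
        return "known-device-with-other-sim"  # foreign SIM in a campus device
    return "unknown-pair"

def review(log_text, allowed=ALLOWED):
    """Return (timestamp, imsi, imei, verdict) for every line that is not 'ok'."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            # Malformed identifiers are reported rather than silently skipped.
            findings.append((None, None, None, "unparsable: " + line))
            continue
        ts, imsi, imei = m.groups()
        verdict = classify(imsi, imei, allowed)
        if verdict != "ok":
            findings.append((ts, imsi, imei, verdict))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Distinguishing a campus SIM that appears in another device from a foreign SIM in a campus device lets the response differ: the first points to a moved or stolen SIM, the second to a device that has been re-provisioned.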

Building a mobile network in an enterprise environment involves both end users and various other stakeholders, including service providers and integrators. In addition, private 4G/5G networks form a large-scale infrastructure and have a long lifespan. Once established, they can be difficult to replace or change. For this reason, it is important to implement “security by default” and so identify and minimize security risks as early as the design phase.