
Trend Micro research, conducted as a proof of concept (PoC), reveals the possibility of multiple attacks on connected systems

Trend Micro, a world leader in cybersecurity solutions, conducted in-depth research highlighting the new threats to 4G/5G campus networks, many of which capitalize on the difficulty organizations have in remediating critical Operational Technology (OT) environments. The report details various attack scenarios and possible mitigations using a test environment designed to mimic a smart factory network.

“Manufacturers are at the forefront of deploying the IIoT (Industrial Internet of Things), and are gearing up to harness the power of 5G connectivity everywhere to drive greater speed, security and efficiency. But with the new technology also come new threats to the challenges assumed,” says Yohei Ishihara, Security Evangelist at Trend Micro. “As the report warns, many are stuck in a dead end — unable to afford the downtime necessary to fix critical system vulnerabilities that could otherwise be exploited. Fortunately, our extensive research also highlights multiple mitigations and best practices to protect smart factories today and tomorrow.”

The report identifies several key entry points for attackers to compromise a core 4G/5G network:

• Servers that host core network services: attackers target vulnerabilities and weak passwords on these standard COTS x86 servers;
• VMs or containers: these can also be exposed if patches are not applied promptly;
• Network infrastructure: these devices are often overlooked during patch cycles;
• Base stations: these also contain firmware (embedded software) that needs to be updated from time to time.

Once attackers enter the core network through any of these entry points, they will move laterally in an attempt to intercept and alter data packets. By attacking smart factory industrial control systems, such as the one simulated at the test site, attackers can steal sensitive data, sabotage production, or hold information hostage and demand a ransom from companies.

Of the 11 attack scenarios evaluated, the one that showed the greatest potential for damage involves Microsoft Remote Desktop Protocol (RDP) servers, which are commonly used by IT and field engineers. Upgrading to 5G does not automatically protect RDP traffic, so hackers can use this access to download malware and ransomware, or directly hijack industrial control systems. RDP v10.0 is the most secure version and may offer some protections against intrusion, but again it can be difficult.

Building a mobile network in an enterprise environment involves both end users and multiple stakeholders, including service providers and integrators. Furthermore, private 4G/5G networks are large-scale infrastructures with a long life, so once built they are difficult to replace or modify. Therefore, it is essential to implement “security by default” to identify and mitigate security risks in the design phase of the project.

The findings are published in the report "Attacks on 4G/5G Core Networks: Industrial IoT Risks".