Post by account_disabled on Sept 14, 2023 18:10:47 GMT 8
Dayek noted that the same shared resources can also provide an opportunity for malware to spread between slices. For example, a network function could use a common set of servers to serve different device types from different customers on different network slices. In this case, one customer's IoT devices may need access to the same network functions and underlying infrastructure as another customer's connected vehicle. “They are completely different industries and different customers, but they are served by the same computing nodes with the same network capabilities,” Dayek said. “If there is a vulnerability within an IoT device that an attacker can exploit, they can deliver malware to other devices connected through the same network capabilities.” “We can push,” he said.
Dayek continued, “IoT devices are Phone Number List notorious security risks. “Most of them are old, and their firmware is often outdated and unpatched,” he said. “But other network components may also use default usernames and passwords or have unpatched vulnerabilities,” according to CISA.
Attacks can have far-reaching negative effects. A malicious actor can steal data from other users on the same network slice, but if there is a vulnerability in the way shared components are accessed, the attacker can also access other slices. “Virtualized architectures make it more difficult to detect and recognize the types of traffic traversing these networks and to mitigate new threats,” CISA warned.
Man-in-the-middle attacks put your data at risk
According to CISA, 5G network slices are vulnerable to man-in-the-middle attacks, where an attacker interrupts an unencrypted conversation between two network participants. Here, an attacker can eavesdrop on a conversation between two people and steal data, forward corrupted data, or terminate or slow down communication. CISA noted, “It is dangerous because malicious actors can modify the content of the message to provide incorrect or false information.”
How to secure a network slice
According to CISA, the two keys to network slice security are ▲ZTA (Zero Trust Architecture) and ▲continuous monitoring. ZTA can protect data and systems from attacks within individual slices and across multiple slices with multiple layers of security, encryption, and isolation. Monitoring can detect malicious activity, but many tools focus on performance, not malicious attacks, the agency warned.
“Network operators want performance monitoring and service quality monitoring,” Kato said. “However, we need control plane monitoring that can monitor the actual network logic to protect the network from malicious actors.” Kato added that anomaly detection and intrusion prevention systems should also be considered. The explanation is that such a system can identify and block risky behavior.
Dayek recommended that network security begins with visibility. “You need to be able to locate your infrastructure, know what resources each component is using, track IoT devices, and track connected devices, both known and unknown. “Once we have visibility, we can apply policies and rules related to connection security,” Dayek explained.
But scaling and deploying Kubernetes services and containerized deployment of communications functions pose challenges for telcos, Dayek noted. “Achieving visibility and control over network traffic and access is becoming increasingly difficult, adding to the complexity of visibility, detection and response. “This is especially true when hundreds or thousands of new devices join the network every day.”
Finally, you should have a plan in case your preventative measures fail. Dayek emphasized the importance of being prepared in case an attack occurs. “How do you plan to respond if something goes down? “There must be a way to control and prevent further damage to the network.”
The actual attack has not yet been revealed
Dayek said Deloitte runs its tests in a lab environment connected to a major cloud hyperscaler. “IoT devices can have various vulnerabilities, open ports, and outdated software. “It’s clear that major organizations don’t have full visibility at this point about what’s connected in the first place,” Dayek said. “I have not yet seen any successful attacks targeting vulnerable slices, but I am confident that such (vulnerable) slices exist, and I believe the same vulnerabilities described above apply,” Dayek said.
Gato also said he hasn't seen any publicly available data showing network slices have been successfully attacked, but "it's probably happening," he said. "One hope is that in the short term, network slicing attacks will be more difficult to perform because of the way cellular technology works. The point is that you will lose. “In general, unlike Wi-Fi, which is open, 5G is secure by default, so it will be more difficult to be compromised.” With Wi-Fi, you only need to exchange a password or some kind of security certificate to connect to the network, but with 5G, you need a physical SIM card or eSim to connect to the network or network slice, Kato explained.
Chester Wisniewski, CTO of applied research at global cybersecurity company Sophos, said the attack itself would have to be quite complex to be successful. “To date, few countries have the resources to carry out these attacks effectively,” Wisniewski said.
Still, Wisniewski urged caution. “When adopting 5G for mission-critical applications, you should not assume that 5G will always be available and unhackable,” Wisniewski said. “As with any device communicating over a public network, devices should always use encryption and verify both client and server identities before communicating,” he advised.
Dayek continued, “IoT devices are Phone Number List notorious security risks. “Most of them are old, and their firmware is often outdated and unpatched,” he said. “But other network components may also use default usernames and passwords or have unpatched vulnerabilities,” according to CISA.
Attacks can have far-reaching negative effects. A malicious actor can steal data from other users on the same network slice, but if there is a vulnerability in the way shared components are accessed, the attacker can also access other slices. “Virtualized architectures make it more difficult to detect and recognize the types of traffic traversing these networks and to mitigate new threats,” CISA warned.
Man-in-the-middle attacks put your data at risk
According to CISA, 5G network slices are vulnerable to man-in-the-middle attacks, where an attacker interrupts an unencrypted conversation between two network participants. Here, an attacker can eavesdrop on a conversation between two people and steal data, forward corrupted data, or terminate or slow down communication. CISA noted, “It is dangerous because malicious actors can modify the content of the message to provide incorrect or false information.”
How to secure a network slice
According to CISA, the two keys to network slice security are ▲ZTA (Zero Trust Architecture) and ▲continuous monitoring. ZTA can protect data and systems from attacks within individual slices and across multiple slices with multiple layers of security, encryption, and isolation. Monitoring can detect malicious activity, but many tools focus on performance, not malicious attacks, the agency warned.
“Network operators want performance monitoring and service quality monitoring,” Kato said. “However, we need control plane monitoring that can monitor the actual network logic to protect the network from malicious actors.” Kato added that anomaly detection and intrusion prevention systems should also be considered. The explanation is that such a system can identify and block risky behavior.
Dayek recommended that network security begins with visibility. “You need to be able to locate your infrastructure, know what resources each component is using, track IoT devices, and track connected devices, both known and unknown. “Once we have visibility, we can apply policies and rules related to connection security,” Dayek explained.
But scaling and deploying Kubernetes services and containerized deployment of communications functions pose challenges for telcos, Dayek noted. “Achieving visibility and control over network traffic and access is becoming increasingly difficult, adding to the complexity of visibility, detection and response. “This is especially true when hundreds or thousands of new devices join the network every day.”
Finally, you should have a plan in case your preventative measures fail. Dayek emphasized the importance of being prepared in case an attack occurs. “How do you plan to respond if something goes down? “There must be a way to control and prevent further damage to the network.”
The actual attack has not yet been revealed
Dayek said Deloitte runs its tests in a lab environment connected to a major cloud hyperscaler. “IoT devices can have various vulnerabilities, open ports, and outdated software. “It’s clear that major organizations don’t have full visibility at this point about what’s connected in the first place,” Dayek said. “I have not yet seen any successful attacks targeting vulnerable slices, but I am confident that such (vulnerable) slices exist, and I believe the same vulnerabilities described above apply,” Dayek said.
Gato also said he hasn't seen any publicly available data showing network slices have been successfully attacked, but "it's probably happening," he said. "One hope is that in the short term, network slicing attacks will be more difficult to perform because of the way cellular technology works. The point is that you will lose. “In general, unlike Wi-Fi, which is open, 5G is secure by default, so it will be more difficult to be compromised.” With Wi-Fi, you only need to exchange a password or some kind of security certificate to connect to the network, but with 5G, you need a physical SIM card or eSim to connect to the network or network slice, Kato explained.
Chester Wisniewski, CTO of applied research at global cybersecurity company Sophos, said the attack itself would have to be quite complex to be successful. “To date, few countries have the resources to carry out these attacks effectively,” Wisniewski said.
Still, Wisniewski urged caution. “When adopting 5G for mission-critical applications, you should not assume that 5G will always be available and unhackable,” Wisniewski said. “As with any device communicating over a public network, devices should always use encryption and verify both client and server identities before communicating,” he advised.