Trend Micro has released a detailed study that highlights new threats to 4G/5G campus networks. Many of them take advantage of the difficulties companies face when patching critical OT environments. […]
The study describes several attack scenarios and possible protective measures. The test environment mimics the conditions of a smart factory campus network.
“The manufacturing industry is at the forefront of IIoT implementation and is gearing up with 5G to be fully connected, increasing speed, security and efficiency. But with technological innovations, new threats are added to the old challenges,” says Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “As the study shows, many companies are in a bind – they can’t afford the downtime needed to patch critical system vulnerabilities that could otherwise be exploited. Our research identifies safeguards and best practices to secure smart factories today and in the future.”
The Japanese security provider’s study identifies key entry points through which cybercriminals can compromise 4G/5G core networks:
- Servers hosting core network services: Attacks target vulnerabilities and weak passwords in standardized commercial off-the-shelf (COTS) servers based on x86 architectures.
- Virtual machines (VM) or containers: These can also be vulnerable if the latest patches are not installed in a timely manner.
- Network infrastructure: Appliances are often overlooked during patching cycles.
- Base stations: These also contain firmware that needs to be updated from time to time.

Once an attacker enters the core network through one of these entry points, they will attempt to move laterally to intercept and alter network packets. By attacking industrial control systems in smart manufacturing environments, such as the test environment, cybercriminals could steal sensitive data, sabotage production, or blackmail the company.
Of the eleven attack scenarios outlined, one of the most potentially damaging is an attack on Microsoft Remote Desktop Protocol (RDP) servers, which are often used by IT and field technicians. Upgrading to 5G does not automatically protect RDP traffic, so attackers can use this access to download malware and ransomware or directly hijack industrial control systems. RDP 10.0 is the most secure version and may offer some protection against these attacks. However, it can also be difficult for companies to upgrade.
The study makes the following recommendations for protecting 4G/5G campus networks:
- VPN or IPsec to protect remote communication channels, even to remote sites and base stations.
- Application-level encryption (HTTPS, MQTTS, LDAPS, encrypted VNC, RDP version 10.0, and secure industrial protocols such as S7COMM-Plus).
- EDR, XDR or MDR (Detection & Response) for monitoring attacks and lateral movements within the campus and the containerized core network.
- Proper network separation with VLAN or SDN.
- Timely patching of servers, routers, and base stations, if possible.
- Anomaly detection products, such as Trend Micro Mobile Network Security, that are campus-network aware and provide a robust way to turn off unknown device/SIM card pairs.

Building a mobile network in an enterprise environment involves both end users and various other stakeholders, including service providers and integrators. In addition, private 4G/5G networks form a large-scale infrastructure and have a long service life. Once set up, they are difficult to replace or change. For this reason, it is important to implement “Security by Default” and to identify and minimize security risks as early as the design stage.
The full report “Attacks From 4G / 5G Core Networks: Risks of the Industrial IoT in Compromised Campus Network” can be viewed here.