European Union Agency for Cyber Security (ENISA) issues the “Threat Landscape for 5G Networks” report
With the advent of the fifth generation (5G) of mobile networks, cyber security threat vectors will expand, as reported by the European Union Agency for Cyber Security (ENISA) in its “Threat Landscape for 5G Networks” report, in particular through the exposure of new connected industries (Industry 4.0) and critical services (connected vehicles, smart cities, etc.). The growing concerns over availability and the protection of user data and privacy will be exacerbated by the security challenges introduced by 5G. Hence, the most critical challenges relate to the resilience of the network and to the protection of the content and metadata of 5G communications. The complexity and extent of the attack surface make accurately defining the 5G threat landscape a laborious task: it combines traditional IP-based threats with threats to the whole 5G network (core, access and edge), to insecure legacy 2G/3G/4G generations, and threats introduced by virtualisation technology.
The main threats related to 5G
According to the EU cyber security experts, the main threats related to 5G are:
- Nefarious activity/abuse (NAA): “intended actions that target ICT systems, infrastructure, and networks by means of malicious acts with the aim to either steal, alter, or destroy a specified target”.
- Eavesdropping/Interception/ Hijacking (EIH): “actions aiming to listen, interrupt, or seize control of a third party communication without consent”.
- Physical attacks (PA): “actions which aim to destroy, expose, alter, disable, steal or gain unauthorised access to physical assets such as infrastructure, hardware, or interconnection”.
- Damage (DAM): intentional actions aimed at causing “destruction, harm, or injury of property or persons and results in a failure or reduction in usefulness”.
- Unintentional Damage (UD): unintentional actions resulting in “destruction, harm, or injury of property or persons and results in a failure or reduction in usefulness”.
- Failures or malfunctions (FM): “Partial or full insufficient functioning of an asset (hardware or software)”.
- Outages (OUT): “unexpected disruptions of service or decrease in quality falling below a required level“.
- Disaster (DIS): “a sudden accident or a natural catastrophe that causes great damage or loss of life”.
- Legal (LEG): “legal actions of third parties (contracting or otherwise), in order to prohibit actions or compensate for loss based on applicable law”.
ENISA also categorised threats depending on whether the exploitation target is part of core network, radio access, network virtualisation or generic infrastructure component
In addition, ENISA categorised threats depending on whether the exploitation target is part of core network, radio access, network virtualisation or generic infrastructure component. Based on this criterion, threats can be further categorised into:
- Core Network threats, related to elements of the Core Network, which includes SDN, NFV, NS and MANO. The majority fall under the categories of ‘Nefarious activity/abuse’ and ‘Eavesdropping/Interception/Hijacking’.
- Access network threats, related to the 5G radio access technology (RAT), radio access network (RAN) and non-3GPP access technologies. These include threats related to the wireless medium and radio transmission technology. The majority of the threats fall under the categories of ‘Eavesdropping/Interception/ Hijacking’.
- Multi-edge computing threats, related to components located at the edge of the network. The majority fall under the categories of ‘Nefarious activity/abuse’ and ‘Eavesdropping/ Interception/ Hijacking’.
- Virtualisation threats, related to the virtualisation of the underlying IT infrastructure, network and functions.
- Physical Infrastructure threats, related to the underlying IT infrastructure that supports the network. The majority fall under the categories of ‘Physical attacks’, ‘Damage or loss of equipment’, ‘Equipment failures or malfunctions’, ‘Outages’, ‘Disaster’.
- Generic threats, that typically affect any ICT system or network. The generic threats are important to mention since these help defining and framing the ones specific to 5G. As an example: many 5G specific threats may result in a network service shutdown that in general terms is defined as a Denial of Service (DoS) threat.
- SDN threats, related to the SDN functions that are omnipresent in the entire 5G infrastructure.
The threat agents and their new postures
Finally, according to the EU Agency’s “Threat Landscape for 5G Networks” report, the threat agents will be:
- Cyber criminals
- Insider (own, third parties)
- Nation states
- Script kiddies
The EU agency expects that in the next generation of mobile networks (5G), the existing threat agent profiles will develop towards a new set of capabilities and motives. This is due to the overarching nature of 5G mobile networks: they are going to play the role of ‘networks of networks’, thus completely changing the use of the Internet and, similarly, interconnecting numerous verticals that until now have been operating in isolation. Due to their nature, 5G networks will deliver multiple added-value and critical services and functions to the economy and society. This will attract the attention of existing and new threat agent groups with a large variety of motives. Given this complexity, the following facts are expected to change the attacker profile:
- A whole set of new vulnerabilities will expand the attack surface, exposure and number of critical assets.
- New tools/methods to exploit those vulnerabilities will be developed.
- New motives/ impacted targets are going to be observed due to the interconnected verticals/applications.
- Existing threat agent groups may be expanded with ones that have an interest in novel malicious objectives.