The opportunities for threat actors
New features within 5G networks bring many advantages, enabling new use cases. However, the technical complexities can create new opportunities for threat actors.
The ongoing transformation to cloud native introduces new concepts, new deployment methods and more complex partnership structures. With this trend, deployments are becoming more complex. This requires new types of competence and skill sets, from both vendors and service providers. Consequently, the risk for misconfigurations, which expose weaknesses, is increased. Vulnerabilities in virtualization, cloud services, or network slicing can have a considerable impact, as they may enable access to unauthorized resources.
5G will connect billions of devices, and not all these devices have sufficient security protection. Devices used for Industrial IoT are often optimized for a specific task, with design driven by cost efficiency. Vulnerabilities in these devices can be used to target the 5G network, or the industry vertical. This requires protection of devices to be provided from the network side. In general, any exposed interface provides an initial entry point for a threat actor. LightBasin accessed target networks via incorrectly exposed interfaces on the GPRS roaming exchange (GRX), a closed inter-service provider network.
Threat actors are increasingly using valid credentials for accessing targets. In addition to the traditional social engineering techniques for obtaining human identities, threat actors are looking for weaknesses presented by the surge of machine identities that are needed in cloud-native deployments. Strong multi-factor authentication, with management and monitoring of privileged accounts, is essential to prevent and detect account misuse. It will also limit the impact of credential theft and the exploitation of vulnerabilities.