03 Aug Study on security challenge for smart factory environments
5G should provide industry with a scalable, powerful and resilient network for IoT applications. But cyber security must also be adapted to the new technology. Trend Micro has published a study on this.
Trend Micro, a Japanese provider of cybersecurity solutions, has published a study that identifies new threats to 4G/5G campus networks. The study describes several attack scenarios and possible protective measures. The test environment mimics the conditions of a smart factory campus network.
“The manufacturing industry is at the forefront of IIoT implementation and is gearing up with 5G to be comprehensively connected, as well as increase speed, security and efficiency. But with technological innovation comes new threats on top of old challenges,” said Udo Schneider, IoT Security Evangelist Europe at Trend Micro. “As the study shows, many companies are in a bind – they can’t afford the downtime necessary to patch critical system vulnerabilities that could otherwise be exploited. Our research highlights protective measures and best practices to secure smart factories today and in the future,” Schneider said.
Identify vulnerabilities
Trend Micro identifies key entry points through which cybercriminals can compromise 4G/5G core networks:
Servers hosting core network services: attacks target vulnerabilities and weak passwords in standardised commercial-off-the-shelf (COTS) servers based on x86 architectures.
Virtual machines (VM) or containers: These can also be vulnerable if the latest patches are not applied promptly.
Network infrastructure: appliances are often overlooked during patching cycles.
Base stations: These also contain firmware that needs to be updated from time to time.
Once the attacker gets into the core network through one of these vulnerabilities, they will try to move laterally to intercept and modify network packets. By attacking industrial control systems in smart manufacturing environments, such as the test environment, cybercriminals could steal sensitive data, sabotage production or extort the company.
Of the 11 attack scenarios highlighted, one of the most potentially damaging is an attack on Microsoft remote desktop protocol (RDP) servers, which are commonly used by IT and field service technicians. The upgrade to 5G does not automatically protect RDP traffic, so attackers can use this access to download malware and ransomware or directly hijack industrial control systems. RDP 10.0 is the most secure version and may offer some protection against these attacks. However, even here it can be difficult for companies to upgrade.
Protection recommendations for companies
The study makes the following recommendations for protecting 4G/5G campus networks:
VPN or IPSec to protect remote communication channels, including to remote sites and base stations.
Application layer encryption (HTTPS, MQTTS, LDAPS, encrypted VNC, RDP version 10.0 and secure industry protocols such as S7COMM-Plus).
EDR, XDR or MDR (Detection & Response) to monitor attacks and lateral movements within the campus and containerised core network.
Proper network separation with VLAN or SDN.
Prompt patching of servers, routers and base stations, if possible.
Anomaly detection products, such as Trend Micro Mobile Network Security, that detect the campus network and provide a robust way to take down unknown device/SIM card pairs.
Building a mobile network in an enterprise environment involves both end users and various other stakeholders. These include service providers and integrators. In addition, private 4G/5G networks form a large-scale infrastructure and have a long lifespan. Once built, they can be difficult to replace or change. For this reason, Trend Micro recommends implementing ‘Security by Default’ to identify and minimise security risks in the design phase.
The full report “Attacks From 4G/5G Core Networks: Risks of the Industrial IoT in Compromised Campus Network” can be viewed here.
Source and photo: www.trendmicro.com
