[TheRecord] NSA warns of threat actors compromising entire 5G networks via cloud systems

The US National Security Agency has published a security advisory today warning about how attackers could compromise entire 5G networks by hijacking a provider’s cloud resources.

The NSA advisory, published together with experts from the US Cybersecurity Infrastructure and Security Agency, is part one of a four-part series the agency plans to publish on 5G security.

The series contains extensive guidance for preventing and dealing with cyberattacks on 5G infrastructure and builds on a previous guide [PDF] the two agencies published in May.

According to the NSA, part one contains “recommendations for mitigating lateral movement attempts by malicious cyber actors who have successfully exploited a vulnerability to gain initial access into a 5G cloud system.”

The NSA is hoping that US telecommunications providers involved in the 5G rollout will follow these practices and avoid their 5G infrastructure being compromised by foreign actors.

Besides the potential of attacks on the cloud infrastructure that holds 5G networks together, the guide also lists possible threats to the US 5G networks, such as:

- Counterfeit components – more susceptible to cyber-attack and are more likely to break because of their poor quality. They can also be backdoored.
- Inherited components – compromised or weakly-secured components might end up on US 5G networks via complex supply chains, which will need to be investigated.
- Open standards – adversarial nations may contribute to open standards to request the inclusion of proprietary or untrusted technologies.
- Optional controls – standards may come with optional security controls that some network operators may not be willing to use.
- Software/configurations – which refers to vulnerabilities in 5G equipment that may be exploited by attackers to compromise equipment and their configurations.
- Network security – attacks on network equipment could allow threat actors to access 5G infrastructure.
- Network slicing – the ability of network operators to split their 5G networks into zones, depending on the type of connected devices. Threat actors could break through these zones and access critical infrastructure.
- Legacy communications integrations – vulnerabilities in legacy protocols could be used by threat actors to access 5G infrastructure.
- Spectrum sharing – may provide opportunities for malicious actors to jam or interfere with non-critical communication paths, adversely affecting more critical communications networks.

The NSA said the rest of its 5G security guidance papers would be published in the coming weeks — on this page.

“This series exemplifies the national security benefits resulting from the joint efforts of Enduring Security Framework (ESF) experts from CISA, NSA, and industry,” said Rob Joyce, NSA Cybersecurity Director.

“Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation.”

The post NSA warns of threat actors compromising entire 5G networks via cloud systems appeared first on The Record by Recorded Future.
