NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems

The US NSA and CISA published a security advisory to warn about threat actors compromising 5G networks via cloud infrastructure.

The US National Security Agency and the US Cybersecurity Infrastructure and Security Agency have published a security advisory to warn of attacks on 5G networks through the hijacking of a provider’s cloud resources.

The report is part of a four-part series that was built on the ESF Potential Threat Vectors to 5G Infrastructure white paper that was released by the US agencies in May 2021.The guidance provides recommendations for preventing and mitigating cyberattacks on 5G infrastructure. The document focuses on mitigation for lateral movement attempts by threat actors who gained initial access into a 5G cloud system through the exploitation of a vulnerability,

“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” states the joint advisory. “To counter this threat, it is imperative that 5G cloud infrastructures be built and configured securely, with capabilities in place to detect and respond to threats, providing a hardened environment for deploying secure network functions. “

The risk of attacks from nation-state actors is high and it is essential that US telecommunications providers will implement best practices to secure their networks.

CISA and the NSA recommend 5G service providers and system integrators to implement the following measures to detect and block lateral movement in the 5G cloud:

• Implement secure identity and access management (IdAM) in the 5G cloud
• Keep 5G cloud software up-to-date and free from known vulnerabilities
• Securely configure networking within 5G cloud
• Lock down communications among isolated network functions
• Monitor for indications of adversarial lateral movement
• Develop and deploy analytics to detect sophisticated adversarial presence

“An attacker can use cloud/virtual networking to move through a network after initial compromise. Configurations to prevent and detect lateral movements is only one aspect of hardening a 5G cloud infrastructure. The detection and mitigation of lateral movement attempts within a 5G cloud system is a shared responsibility among 5G cloud providers, network operators, mobile network operators and customers.” concludes the report

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, 5G)

[adrotate banner=”5″]

[adrotate banner=”13″]