Reports

NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems

The US NSA and CISA published a security advisory to warn about threat actors compromising 5G networks via cloud infrastructure.

The US National Security Agency and the US Cybersecurity Infrastructure and Security Agency have published a security advisory to warn of attacks on 5G networks through the hijacking of a provider’s cloud resources.

The report is part of a four-part series that was built on the ESF Potential Threat Vectors to 5G Infrastructure white paper that was released by the US agencies in May 2021.The guidance provides recommendations for preventing and mitigating cyberattacks on 5G infrastructure. The document focuses on mitigation for lateral movement attempts by threat actors who gained initial access into a 5G cloud system through the exploitation of a vulnerability,

“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” states the joint advisory. “To counter this threat, it is imperative that 5G cloud infrastructures be built and configured securely, with capabilities in place to detect and respond to threats, providing a hardened environment for deploying secure network functions. “

The risk of attacks from nation-state actors is high and it is essential that US telecommunications providers will implement best practices to secure their networks.

CISA and the NSA recommend 5G service providers and system integrators to implement the following measures to detect and block lateral movement in the 5G cloud:

  • Implement secure identity and access management (IdAM) in the 5G cloud
  • Keep 5G cloud software up-to-date and free from known vulnerabilities
  • Securely configure networking within 5G cloud
  • Lock down communications among isolated network functions
  • Monitor for indications of adversarial lateral movement
  • Develop and deploy analytics to detect sophisticated adversarial presence

“An attacker can use cloud/virtual networking to move through a network after initial compromise. Configurations to prevent and detect lateral movements is only one aspect of hardening a 5G cloud infrastructure. The detection and mitigation of lateral movement attempts within a 5G cloud system is a shared responsibility among 5G cloud providers, network operators, mobile network operators and customers.” concludes the report

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, 5G)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

A cyberattack was responsible for the week-long outage affecting Cellcom wireless network

Cellcom, a regional wireless carrier based in Wisconsin (US), announced that a cyberattack is the…

7 hours ago

Coinbase data breach impacted 69,461 individuals

Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals.…

14 hours ago

U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output…

18 hours ago

A critical flaw in OpenPGP.js lets attackers spoof message signatures

A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have…

19 hours ago

SK Telecom revealed that malware breach began in 2022

South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April…

23 hours ago

4G Calling (VoLTE) flaw allowed to locate any O2 customer with a phone call

A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due…

1 day ago