NSA and CISA explained how to prevent and detect lateral movement in 5G networks via cloud systems

The US NSA and CISA published a security advisory to warn about threat actors compromising 5G networks via cloud infrastructure.

The US National Security Agency and the US Cybersecurity Infrastructure and Security Agency have published a security advisory to warn of attacks on 5G networks through the hijacking of a provider’s cloud resources.

The report is part of a four-part series that was built on the ESF Potential Threat Vectors to 5G Infrastructure white paper that was released by the US agencies in May 2021.The guidance provides recommendations for preventing and mitigating cyberattacks on 5G infrastructure. The document focuses on mitigation for lateral movement attempts by threat actors who gained initial access into a 5G cloud system through the exploitation of a vulnerability,

“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” states the joint advisory. “To counter this threat, it is imperative that 5G cloud infrastructures be built and configured securely, with capabilities in place to detect and respond to threats, providing a hardened environment for deploying secure network functions. “

The risk of attacks from nation-state actors is high and it is essential that US telecommunications providers will implement best practices to secure their networks.

CISA and the NSA recommend 5G service providers and system integrators to implement the following measures to detect and block lateral movement in the 5G cloud:

  • Implement secure identity and access management (IdAM) in the 5G cloud
  • Keep 5G cloud software up-to-date and free from known vulnerabilities
  • Securely configure networking within 5G cloud
  • Lock down communications among isolated network functions
  • Monitor for indications of adversarial lateral movement
  • Develop and deploy analytics to detect sophisticated adversarial presence

“An attacker can use cloud/virtual networking to move through a network after initial compromise. Configurations to prevent and detect lateral movements is only one aspect of hardening a 5G cloud infrastructure. The detection and mitigation of lateral movement attempts within a 5G cloud system is a shared responsibility among 5G cloud providers, network operators, mobile network operators and customers.” concludes the report

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, 5G)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.