The importance of understanding identity security threats in 5G

David Higgins at CyberArk.

5G promises not only to redefine the network, but to completely transform digital experiences as we know them. Its introduction, dubbed ‘a digital revolution’ and the ‘bridge to the future’, promises faster download speeds, improved latency and enhanced connectivity for billions, and should see 5G networks cover about half of the world’s population by 2025, according to estimates.

We mustn’t forget, however, that as with any rapid technological advancement, these developments will open up new opportunities for malicious disruption and cyber attacks. In fact, cyber criminals and nation states are already exploring the new dimensions of potential implications and vulnerabilities 5G will create. And we should, too.

To help organisations navigate the evolving 5G threat landscape and ensure the UK remains at the forefront of the 5G rollout, the Commons Defence Select Committee published a seminal report in late 2020 looking at the security risks of the 5G network and advising organisations everywhere on the key considerations for remaining cyber-secure during the rollout of 5G. Almost a year since it was published, we’ll summarise the opportunities the technology presents, and share some high-level recommendations on how both consumers and industry players can continue developing a secure approach to 5G adoption.

The potential of 5G connectivity

5G will usher in a new age of virtual experiences and digital content, especially for consumers. It’s not only next-generation gaming, augmented reality, and immersive experiences that make 5G so exciting; faster speeds and lower latency will impact virtually every aspect of life and work, driving internal efficiencies, and sparking innovation.

The opportunity to deliver new customer experiences and offerings for communications service providers is tremendous, and the same is true for the 5G network operators who will build and operate the systems architecture underpinning these new business models.

Inevitable risks from the 5G rollout

This transformational mobile bandwidth is coming online while the Internet of Things (IoT) is reaching its peak. A wave of connected devices and services may open up endless possibilities for consumers and workers, but it will also expand the number and types of identities in an organisation’s infrastructure.

Attackers often rely on compromising identities — linked to humans, devices, and applications — and subsequent manipulation of ‘privileged’ user credentials to reach their targets’ most sensitive data, applications, or infrastructure.

5G networks provide foundational connectivity for innumerable services while also transmitting and storing private data for consumers, businesses and governments. All this means attacks can quickly reverberate far beyond the initial incident.

Take the Verkada IoT breach in early 2021, for example, which showed what can happen when thousands of interconnected devices are not secured like other sensitive network assets. The late 2020 revelations that Google was hit with a DDoS attack also demonstrated what is possible in terms of attack scale.

As the 5G roll-out intensifies, attacks are already becoming more frequent, sophisticated and larger in scale; the telecom industry, for instance, was the number one target of DDoS attacks in the first quarter of 2021.

Analysis of 5G Threat Vectors: A paper

As previously mentioned, the Commons report ‘The Security of 5G’ aims to inform on cybersecurity risks and drive collaborative solutions.

Launching a ‘lively debate’ on the 5G security risks in Parliament and across the country, the inquiry led to a significant Government announcement placing restrictions on high-risk vendors. After digging into the potential threats of 5G, the paper discovered that attacks can come from anywhere, including individuals and nation states, can be diverse in nature, and that the vendor market for 5G equipment isn’t diverse enough.

Alongside this, other major threats include the 5G supply chain and systems architecture, both of which we’ll look into in more detail.

Ensuring security within the 5G supply chain

The global battle over 5G supremacy and the resulting rush to establish necessary 5G critical infrastructure have created a perfect opportunity for attackers to conduct cyber espionage campaigns, foreign interference, and other malicious activities. As a result, the entire 5G supply chain is susceptible to risks such as malicious software and hardware, counterfeit components, and poor designs, manufacturing processes, and maintenance procedures.

We’ve already seen the impact supply chain attacks have had on numerous businesses this year, with devastating cyberattacks such as the SolarWinds breach and Codecov attack having targeted supply chains over the last twelve months. The number of such cyberattacks is increasing too, and is set to explode as billions of connected 5G devices compound the problem.

A single act of tampering at any point in the 5G supply chain could have a massive ripple effect. For example, business and home equipment like routers, smartphones, and IoT devices could be compromised en masse, while countries purchasing 5G equipment from companies with compromised supply chains could be vulnerable to interception, manipulation, disruption, or destruction of data.

Securing 5G systems architecture

Several new technologies are required to build out the critical 5G systems architecture needed to meet the data, capacity, and communication requirements of networks, namely software-defined networking, cloud-native infrastructure, network slicing, and edge computing. While absolutely vital to enabling 5G networks, these tools further increase the attack surface available for cyber criminals looking to exploit 5G.

Following the Commons Defence Select Committee’s report last year, many 5G component manufacturers and service providers are adopting measures to enhance security through technology improvements, but malicious actors can still exploit vulnerabilities — both legacy and brand new. Many do so by accessing unsecured and unmanaged privileged accounts and credentials which provide superuser access to critical telecommunications infrastructure, whether it’s on-premise, in the cloud, or in hybrid environments. This lack of appropriate security puts assets at increased risk of a damaging cyber-attack that could impact telecommunications companies and citizens alike.

Identity security considerations for the 5G era

Adopting Privileged Access Management, as well as an identity-centric approach to security, helps close the gaps and vulnerabilities that attackers are looking to exploit, and strengthens the very core of 5G infrastructure. Doing so isn’t always straightforward, however, so telecommunications organisations and 5G architects should bear six key considerations in mind when setting out to improve their current security posture and mitigate the risk of future compromise:

  1. Credentials belonging to machine identities on IoT devices, as well as 5G component systems, must be both discovered and managed. Managing privileged access to legacy infrastructure can help identify these and prevent the malicious use of privileged accounts, the most common path to a business’s most valuable assets.
  2. Isolating and monitoring human-led privileged sessions is essential. It helps prevent malicious actors from moving laterally within a 5G network in search of potentially lucrative targets.
  3. Implementing the principle of Least Privilege, where a user is given the minimum levels of access or permissions needed to perform their job function, is a critical line of defence against ransomware attacks in particular.
  4. Remember, software must be consistently patched and always up to date, especially in accordance with recent government guidance, to keep your infrastructure water-tight against external attackers.
  5. Don’t forget about your partners. Improve the security posture of your digital supply chain partners, who can exhibit chinks in the armour of your supply chain. You’re only as secure as your weakest link, after all.
  6. Act confidently on suspicious behaviour in real time. Empowering IT teams to monitor threats and detect anomalies as soon as they happen through training and supporting technology will help embed a culture of security in your organisation.

The era of 5G and IoT is dawning on us. While there are seemingly endless possibilities that can come from these technologies, this new age also brings with it significant risk. For organisations, a strong defence means adhering to the above considerations and implementing an ‘assume breach’ mindset. That should allow them to detect and isolate adversaries before they inflict serious damage, and protect identities in a 5G world.

David Higgins
EMEA Technical Director

David Higgins has more than 15 years’ experience in the cyber security industry and has worked to help the world’s leading – and most complex – organisations secure and protect their privileged access. Higgins has been with CyberArk since 2007 in various capacities including as Director of Customer Development, and today works with clients to advise on threats associated with privileged escalation, lateral movement and credential theft as well as discussing best practices and driving innovation around privileged management processes.