Cybersecurity plays a critical role in enabling new advancements like 5G and IoT, as it works toward protecting the value and innovation they bring.
Compared to its predecessors, the 5G network is software-defined, which means that it can be reprogrammed to suit customer requirements that change quickly and quite often. What impact does this mean for cybersecurity?
The addition of more IoT devices could also present attribution difficulties for security statistics that have been used to monitoring only human subscribers as opposed to machine subscribers – a second subscriber type made up of IoT devices.
Recently, Trend Micro unveiled its new research into the IoT cybercrime underground of criminal forums – gathering insights into current threats from the very minds that conceived them. Insights showed that cybercriminals are fast monetizing IoT attacks, across a wide spectrum of IoT applications.
Cybercriminal attacks using a 5G network and its IoT devices could spell devastating damage. CybersecAsia speaks with Nilesh Jain, Vice President of Southeast Asia and India, Trend Micro about the challenges, advancements and best practices in securing 5G and IoT in the region.
As we make the leap from 4G to 5G, what are the foreseeable problems IT security teams will experience?
Nilesh: Much of the anticipation over 5G comes not only from it being a technological development itself, but also the other technologies it will enable.
Unlike traditional hardware-defined networks (IT, 1G, 2G, 3G, 4G), the 5G network is software-defined. What this means is that it is highly dynamic and can be reprogrammed to suit customer requirements that change quickly and quite often.
Unfortunately, this data volatility can affect security network statistics, and correcting this volatility presents a complex identity and access management (IAM) and attribution problem, especially for ecosystems connected to the internet of things (IoT).
Here are some challenges IT security teams may face:
- Decreased detection rates: The security platforms that IT teams rely on use, very common, industrially accepted security rules typically obtained from third parties. All rely on the “if it’s on the list, don’t let it perform X” concept. These data-level access controls do not understand the subtleties of very legitimate – but very customized – traffic. This previously unknown customer software-defined network activity will look like a statistical anomaly: It will appear as a false positive and become whitelisted as a business response that is invisible to security processes.
- Skills shortage: A software-defined network is a collection of software applications sitting on generic computer hardware. Software is managed at the data level (i.e.: data plane) – the part of a network that carries user traffic. Most security practitioners have never worked directly with this data stream before. Security staff will need to add software coding skills to their other skills (like fraud investigation or network security strategy) to interpret this data.
How has the expansion of IoT introduced data concerns in 5G?
Nilesh: The dynamic and volatile data-driven nature of 5G involves many fundamental changes. Many of these relate to identity and attribution, specifically after the introduction of a second subscriber type: the “machine subscriber,” made up of IoT devices.
While security statistics were thoroughly designed to monitor only one known subscriber type (humans), IoT machine subscribers have hundreds of thousands of different subscriber types with their own network behaviors, most of which are new and unknown.
Since the carrier is the most important part of a 5G network’s data supply chain, the inability to profile a variety of IoT devices becomes a critical issue. Without the capacity to differentiate between malicious and benign IoT devices, the security function could be constantly alerting the team to false positives.
Unable to take definitive action without affecting the operational technology, the affected business units will typically disable the noisy security function, effectively sabotaging their own network. One can only imagine what a field day it would be for cybercriminals!
Are criminals adding new bells and whistles for IoT-specific attacks?
Nilesh: We analyzed several IoT cybercrime underground communities and saw a lot of interest in and curiosity about a wide variety of online devices. The most requested hacking methods were for routers, webcams, and printers.
There were also tutorials on the inner workings of commercial gas pumps and programmable logic controllers (PLCs) – devices found in factories and other structures with industrial machinery that enable complex equipment to be managed remotely.
It also became clear that for the cybercriminals to act, they must first need to find a viable business model – monetization is key. The money-driven criminals make up a market thriving with exploits for routers, customized firmware for smart meters, talks of hacking gas pumps, and router-based botnets for sale.
Overall, the increase of mobile connectivity worldwide will allow for faster attacks and additional capabilities for hackers. The switch from 4G to 5G may offer attackers more avenues for exploitation or monetization.
Forget about IoT 2025. how will IoT attacks evolve within the next 12 to 18 months?
Nilesh: We predict an evolution of IoT attacks within the next 12-18 months, as more and different kinds of connected devices are constantly joining the internet. This means the possibilities for attackers are multiplying, and we can expect to see more advanced threats, like low-level rootkits or firmware infections. New classes of devices that may be susceptible to attack include virtual reality devices or cryptocurrency mining kits.
Smart factories will also be an attractive target for cyber felons as the PLCs I spoke about earlier are increasingly being found online. In this attack scenario, the business model comes from threatening the device’s owner with downtime, which can result in huge losses if production grinds to a halt. In this case, cybercriminals can extort money without needing to understand how the devices work.
How has the convergence of IT and OT networks introduced device classes into the IT network that are either outdated or possibly vulnerable?
Nilesh: In industrial environments, operational technology (OT) and information technology (IT) have become more connected than ever. This convergence provides industries with optimized automation and better visibility, among other benefits. However, it is also the main characteristic that makes IIoT-integrated facilities more susceptible to cyberattacks.
OT is concerned with the physical aspect of industrial production, including systems for checking if a certain tank is overflowing, or for ensuring that a valve opens when it should. These were normally closed systems that relied more heavily on physical security to ensure integrity, but now they are increasingly being brought online.
Along with traditional enterprise and office functions, a key concern of IT is the flow – and sometimes collection and analysis – of data that comes from within and outside of the industrial facility. Traditional IT has many gateways – a large and vulnerable surface that is exposed to constantly evolving threats.
The convergence of IT and OT means that the lines between the two teams are blurring, which can result in a weak or exposed industrial facility. Additionally, more connected endpoints mean more potential gateways for cybercriminals to gain access to networks and infrastructure systems.
What are some pragmatic and practical defense tactics businesses – and governments alike – should start paying attention to?
Cybersecurity plays a critical role to ensure the continued success of 5G and the IoT. Here are some guidelines for different audience groups to adhere to:
- For enterprises: IoT projects can drive an explosion in unsecured endpoints – having visibility across all endpoints is key for enterprises as endpoint vectors are stepping stones into corporate networks; en route to sensitive customer data and IP.
- For integrators: Having complete visibility over each device connected to a single network is crucial in gaining control not just over the IoT environment, but also the threats and weaknesses each device might bring to the network.
- For manufacturers: Security should never be an after-thought. Implementing security from the design phase – as seen in a DevSecOps approach – can help reduce the number of openings found by cybercriminals in numerous devices streaming into the market.
- For governments: Strong relationships need to be established between stakeholders and government bodies for the sharing of information, intelligence, capacity building and research. Governing bodies can champion the sharing of vulnerabilities among suppliers, creating a central response hub.