fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NSA and CISA Share Guidance on Securing 5G Cloud Infrastructure

NSA and CISA Share Guidance on Securing 5G Cloud Infrastructure

CISA and the NSA shared guidance on securing cloud-native 5G networks from attacks seeking to compromise information or deny access by taking down cloud infrastructure.

The two federal agencies issued these recommendations for service providers and system integrators that build and configure 5G cloud infrastructure, including cloud service providers, core network equipment vendors, and mobile network operators.

The guidance, released as a four-part series, builds on a white paper released in May 2021 by the Enduring Security Framework (ESF) following the 5G study group, which explored potential threat vectors and vulnerabilities inherent to 5G networks.

Also Read: Got A Notice of Data Breach? Don’t Panic!

It’s also the direct result of engaging with experts across government and industry to identify risks impacting 5G security.

Blocking lateral movement in 5G cloud networks

“5G networks, which are cloud-native, will be a lucrative target for cyber threat actors who wish to deny or degrade network resources or otherwise compromise information,” the joint advisory says.

“To counter this threat, it is imperative that 5G cloud infrastructures be built and configured securely, with capabilities in place to detect and respond to threats, providing a hardened environment for deploying secure network functions. “

The first part of the guidance, published today, focuses on mitigating lateral movement attempts by threat actors who have breached a 5G cloud system.

CISA and the NSA said that 5G service providers and system integrators could implement the following measures to block and detect lateral movement in the 5G cloud:

  • Implement secure identity and access management (IdAM) in the 5G cloud
  • Keep 5G cloud software up-to-date and free from known vulnerabilities
  • Securely configure networking within 5G cloud
  • Lock down communications among isolated network functions
  • Monitor for indications of adversarial lateral movement
  • Develop and deploy analytics to detect sophisticated adversarial presence

Additional info on potential threat vectors to 5G infrastructure can be found in this whitepaper released by CISA, in coordination with the NSA, and the Office of the Director of National Intelligence, as part of the ESF cross-sector public-private working group in May.

Also Read: A Review of PDPC Undertakings July 2021 Cases

The whitepaper provides an overview of 5G threat vectors and detailed information on policy and standards threat scenarios, supply chain threat scenarios, and 5G systems architecture threat scenarios.

“Service providers and system integrators that build and configure 5G cloud infrastructures who apply this guidance will do their part to improve cybersecurity for our nation,” said Rob Joyce, NSA Cybersecurity Director.

The next three parts of security guidance for 5G cloud infrastructure will focus on:

  • Part II: Securely Isolate Network Resources: Ensure that there is secure isolation among customer resources with emphasis on securing the container stack that supports the running of virtual network functions. 
  • Part III: Protect Data in Transit, In-Use, and at Rest: Ensure that network and customer data is secured during all phases of the data lifecycle (at-rest, in transit, while being processed, upon destruction). 
  • Part IV: Ensure Integrity of Infrastructure: Ensure that 5G cloud resources (e.g., container images, templates, configuration) are not modified without authorization.

EU’s assessment of 5G security risks

European Union (EU) member states also published a coordinated risk assessment on the security of 5G networks two years ago, in October 2019.

The report identified the main threats and threats actors, the most sensitive assets, and the principal security vulnerabilities that could be used to compromise them.

The 5G security risk assessment report highlights the hazards behind using a single equipment supplier, with the shortage of equipment and 5G solutions diversity greatly extending the overall vulnerability of 5G infrastructure if a large number of operators use equipment from suppliers presenting a high degree of risk.

Security challenges linked to5G networks are also associated with connections between networks and third-party systems, as well as to the increased access third-party suppliers will have to nations’ 5G networks.

The EU’s report outlined the following security consequences stemming from the roll-out of 5G networks within EU member states:

  • Increased exposure to attacks and more potential entry points for attackers.
  • Due to new characteristics of the 5G network architecture and new functionalities, certain network equipment or functions are becoming more sensitive, such as base stations or key technical management functions of the networks.
  • Increased exposure to risks related to the reliance of mobile network operators on suppliers which willlead to a higher number of attacks paths that might be exploited by threat actors and increase the potential severity of the impact of such attacks.
  • In this context of increased exposure to attacks facilitated by suppliers, the risk profile of individual suppliers will become particularly important, including the likelihood of the supplier being subject to interference from a non-EU country.
  • Increased risks from major dependencies on suppliers: a major dependence on a single supplier increases the exposure to a potential supply interruption, resulting, for instance, from a commercial failure and its consequences.
  • Threats to the availability and integrity of networks will become major security concerns.

Additional information is available in EU member states’ joint report on 5G cybersecurity risks, including details on vulnerabilities, risk scenarios, and mitigating measures/security baseline.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us