
Accelerate digital transformation with 5G security testing

5G networks are currently deployed across the globe by telecom operators and private enterprises. The 5G network is more complex than the previous generation of networks. With its Enhanced Mobile Broadband (eMBB), Ultra Reliable Low Latency Communications (URLLC), and Massive IoT capabilities, 5G supports new use cases such as virtual reality, telesurgery, autonomous transport, industrial automation, and connecting billions of devices.

5G rollout also comes with numerous security concerns. Virtualization of network functions may lead to vulnerabilities such as denial of service. Software Defined Networks (SDN) are prone to attacks such as control plane threats, forwarding device attacks, API vulnerabilities, fake traffic flows, etc. 5G network attacks may even begin by exploiting vulnerabilities in previous-generation networks. The 5G core uses a service-based architecture built on microservices deployed in cloud infrastructure. Those microservices, and the APIs connecting them, can also open doors for attacks.

5G security is sufficiently addressed for the known vulnerabilities by new security frameworks such as SASE (Secure Access Service Edge) or Zero Trust Security. However, with the wide variety of new 5G devices and millions of IoT devices introduced to the market with considerably fewer security features, the attack surface and the number of vulnerabilities are also expanding.

Understanding the business impact of security breaches, simulating security threats, and planning mitigation approaches are vital for successful 5G network operations. The essential first step would be to build a comprehensive threat model to assess the network and applications’ risks and recognize the consequences of not addressing the risks. After formulating a threat model, the next important step in securing a 5G network would be to perform 5G penetration testing. Developing a comprehensive 5G security strategy is integral to the 5G deployment and validation. It must include security analysis and extensive cybersecurity testing across the supply chain, including all layers (i.e., hardware, operating system, applications, APIs, protocols), ensuring baseline security of 5G infrastructure.

Security & Vulnerability Assessment involves scanning 5G network components, devices, and applications.

5G cybersecurity assessment involves:

  • Assessment of systems for compliance with regulations and standards
  • Gap analysis to unveil security holes
  • Assessment of insider and external threats
  • Assessment of active defenses and systems hardening
  • Cybersecurity patching

Information Assurance Testing involves the assessment of an organization’s security policies and procedures for operating the 5G network. It is performed using industry best practices and frameworks.

Penetration Testing is focused on the non-radio parts of the network, such as IP, network, and physical security, and tests the resilience of the 5G network security. It involves hacking, testing, and identifying vulnerabilities in networks and applications to secure them from unauthorized access.

Security Compliance Testing involves security evaluation against relevant security standards such as 3GPP Security Assurance Specifications.

Automated Network Testing involves identifying common security issues such as unpatched software, unencrypted links, poor network addressing, etc. This testing is performed using automated network security tools on the 5G network.

Public Key Security Testing involves validating Public Key Infrastructure (PKI) that uses cryptographic public keys linked to a digital certificate to authenticate devices or users. PKI certificates play a vital role in establishing and securing IoT devices, providing a high level of control and enabling large-scale device authentication, integrity, and reliable encryption.

5G security spans applications, network functions, transport layers, and cloud environments. Hence a holistic approach to testing is key to addressing security challenges and requirements. However, many network operators need help building CI/CD pipelines and automated test suites to conduct comprehensive security testing, and so require third-party specialist testing service providers. Tsaro labs is a specialist security testing service provider with domain experts in cybersecurity and in telecom networks and applications.

Cyber security for drone industries

The Unmanned Aerial Vehicles (UAV) or drones industry has become a vast worldwide technological sensation. The extensive use of drones and UAVs has made unmanned aircraft systems (UAS) very popular in the public and private sectors, including the agricultural industry, armed forces, law enforcement, meteorological agencies, medical services, environmental companies, oil refineries, windmill manufacturers, farm owners, and many more. In the next decade, drones may become a norm in day-to-day life, just as cell phones are a norm today, which they were not just a few years ago. Cybercriminals are already aware of this and are always searching for new ways to use drone technology to extract sensitive information and create chaos.

Since drones are remotely controlled, their chances of being hijacked by bad actors are considerable. Major cyber domain threats caused by drone activity are Downlink intercept, GPS spoofing, data exploitation, and many more. Therefore, organizations must also be conscious of the risks and take necessary measures to secure this valuable technology.

How can we mitigate the prevailing threats?

1. Understand the security risks to your business with a managed vulnerability assessment every six months.

Organizations must identify, quantify and address the security vulnerabilities within their company’s infrastructure, including on-premise and cloud networks.

Secure your platform as you would any network device. Some valuable tips are:

  • Update the drone’s firmware and apply the manufacturer’s patches.
  • Use strong passwords for the base station application.
  • Use updated anti-virus software for your drone controller device.
  • Subscribe to a VPN service to encrypt your connection.
  • Limit the number of devices that can connect to the base station.
  • Use the “Return to Home” (RTH) mode to ensure drone recovery from a hijack situation.

Counter Drones
Countermeasures should focus primarily on space protection. It is important to be able to detect drones efficiently. Thermal cameras, RF scanners, high-frequency radars, acoustic sensors, and sophisticated machine learning and AI algorithms are used for this purpose. However, drones’ small size and low speed make their detection difficult within a highly cluttered environment.
Other techniques involve geofencing software, which creates a virtual border around an area, prohibiting unauthorized drone flight.

Workforce Training
Workforce training on cyber security is essential to help you better understand, detect, respond and monitor security risks across your business.

Enterprise Resource Planning (ERP) software
Integrate ERP solutions to provide enhanced visibility, integration, agility, and response. This also includes technology that helps maintain and sustain UAVs and other defense assets.

Demystifying Uber Hack! Never Underestimate Social Engineering Skills of Attacker!

Clearly, this is what happens when bug bounty platforms fail to prevent attacks because they do not pay an ample amount to the threat actor (TA) for their work!

As the story developed, it emerged that the person behind this attack is 18 years old (remember, there is no age limit for threat actors/hackers) and ultimately did not even know what to do with the data he had accessed. Still, he found a way in, and that is why it makes us feel vulnerable.

According to The New York Times, the threat actor responsible for the Uber hack claims to have gained access simply by sending a text to an Uber employee pretending to be from the company’s corporate IT team. Having compromised the employee’s account, he used the employee’s existing VPN access to pivot to the intranet. Internal network infrastructure is often less carefully configured, less protected, and less audited than external infrastructure, which leaves many doors open.

The TA appears to have made themselves known to Uber’s employees by posting a message on the company’s internal Slack system. “I announce I am a hacker and Uber has suffered a data breach,” screenshots of the message circulating on Twitter read. The claimed hacker then listed confidential company information they said they’d accessed and posted a hashtag saying that Uber underpays its drivers. Once the attacker compromised an employee, they appear to have used that victim’s existing VPN access to pivot to the internal network. The attacker appears to have found an internal network share that contained scripts with privileged credentials, giving them the keys to the kingdom. They claim to have compromised Uber’s Duo, OneLogin, AWS, and GSuite environments.

The threat actor also breached the Uber Slack server, which he used to post messages to employees stating that the company was hacked. However, screenshots from Uber’s Slack indicate that these announcements were first met with memes and jokes, as employees had not realized an actual cyberattack was taking place.

The attacker shared several screenshots of Uber’s internal environment, including their GDrive, VCenter, sales metrics, Slack, and even their EDR portal.

Uber’s AWS environment appears to be compromised as well. This screenshot of their IAM portal appears to show that the attacker has administrative access. If true, cloud access could not only include Uber’s websites, but other critical internal services as well.

The fact that the attackers appear to have compromised an IR team member’s account is worrisome. EDRs can bake in “backdoors” for IR, such as allowing IR teams to “shell into” employee machines (if enabled), potentially widening the attacker’s access.

Previous incidents:

  1. Uber hacked by teenager demanding higher pay for drivers.
  2. Lapsus$ Cyberattacks Traced to Teenager in England.
  3. Teen who hacked Bill Gates Twitter account sentenced.
  4. Teenage hackers breached T-Mobile, grabbed 30k repos.
  5. Scots ‘hacker’ could be extradited to America after manhunt.

Lessons Learnt:

  • Organizations should start using Phishing resistant MFA.
  • Awareness training and regular phishing tests for employees.
  • Centralized authentication such as SSO can be a single point of entry for attackers.

So, how do you prevent social engineering?

You don’t. Stop trying. This is the basic principle of security… it’s an everyday process.

You assume it will happen and put in technical safeguards to prevent or minimize impact, here is how:

  • Use phishing-resistant MFA (FIDO, passkeys, etc.).
  • Do not save your credentials as plain text.
  • Invest in automation.
  • Ensure least privilege.
  • Design with an assumption of breach: how do we detect, contain, …? (Threat model.)
  • Education is key to minimizing the attack surface exposed to social engineering.
  • MFA providers should by default automatically lock accounts out temporarily when too many prompts are sent in a short period of time.
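
The last point above, a temporary lockout when a user receives too many push prompts in a short window, as an added example written for this post rather than code from any MFA vendor; the thresholds MAX_PROMPTS, WINDOW_SECONDS and LOCKOUT_SECONDS are assumed values, and every decision is logged so the SOC can see the burst:

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the original post): at most MAX_PROMPTS push prompts
# per user within WINDOW_SECONDS; exceeding that locks the account for LOCKOUT_SECONDS.
MAX_PROMPTS = 3
WINDOW_SECONDS = 300
LOCKOUT_SECONDS = 900


class PushPromptGuard:
    """Rate-limits MFA push prompts per user and locks the account on a prompt burst."""

    def __init__(self, max_prompts=MAX_PROMPTS, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_prompts = max_prompts
        self.window = window
        self.lockout = lockout
        self._prompts = defaultdict(deque)  # user -> timestamps of prompts still inside the window
        self._locked_until = {}             # user -> time (seconds) at which the lockout expires
        self.events = []                    # audit trail: (time, user, event) for the SOC

    def is_locked(self, user, now):
        """True while the user's temporary lockout is still in force at time `now`."""
        return self._locked_until.get(user, 0) > now

    def request_prompt(self, user, now):
        """Decide whether a push prompt may be sent to `user` at time `now`.

        Returns 'sent' (prompt goes out), 'rate_limited' (this request tripped the
        threshold and locked the account) or 'locked' (account already locked).
        """
        if self.is_locked(user, now):
            self.events.append((now, user, "prompt_suppressed_locked"))
            return "locked"

        recent = self._prompts[user]
        # Drop prompts that have aged out of the sliding window.
        while recent and now - recent[0] > self.window:
            recent.popleft()

        if len(recent) >= self.max_prompts:
            # Burst detected: lock the account instead of sending yet another prompt.
            self._locked_until[user] = now + self.lockout
            recent.clear()
            self.events.append((now, user, "account_locked_push_burst"))
            return "rate_limited"

        recent.append(now)
        self.events.append((now, user, "prompt_sent"))
        return "sent"


if __name__ == "__main__":
    guard = PushPromptGuard()
    # Constructed scenario: four prompts for the same user within 30 seconds.
    for t in (0, 10, 20, 30, 40):
        print(t, guard.request_prompt("alice", t))
    for event in guard.events:
        print(event)
```

An alert on the `account_locked_push_burst` event is the signal to contact the user through a known-good channel, since a genuine login never needs more than a couple of prompts.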

List of social engineering types of attacks

  • Phishing
  • Smishing
  • Vishing
  • Spam
  • Spam over instant messaging (SPIM)
  • Spear phishing
  • Dumpster diving
  • Shoulder surfing
  • Pharming
  • Tailgating
  • Eliciting information
  • Whaling

Understanding The Human Element of Cyber Risk

Cyber programs often miss the significant risk generated by employees, and current tools are blunt instruments. A new method can yield better results.

Insider threat via a company’s employees (as well as contractors and vendors) is one of cybersecurity’s most prominent unsolved issues. A recent study reported that almost 50 percent of breaches involved them. Companies are undoubtedly aware of the problem but rarely dedicate the resources or executive attention required to solve it. In addition, most prevention programs fall short either by focusing exclusively on monitoring behavior or by failing to consider cultural and privacy norms.

How fraudsters use vulnerable insiders

If a fraudster’s target sits inside a secured network, their focus is on obtaining an employee’s access privileges. Fraudsters use tactics and techniques such as phishing emails, watering holes, and weaponized malware, to name a few, to obtain the desired credentials.

With those credentials, fraudsters can move laterally within a system, escalate their privileges, make changes, and access sensitive data or money. Fraudsters can also pull data out to unsecured locations through outbound communication with a command-and-control (C2) server. They can attempt outbound changes or perform high-volume outbound transfers.

How fraudsters attack:

Seek vulnerability

  • Deploy phishing emails or malware
  • Identify a rogue user
  • Attain compromised credentials

Exploit access

  • Move laterally to the desired target
  • Escalate privilege as needed
  • Access assets

Abuse Access

  • Obfuscate network activity
  • Alter data
  • Exfiltrate data

How to mitigate insider threats

There are different technical and non-technical controls that organizations can adopt to improve the detection and prevention of each insider threat type. Each type of insider threat presents different symptoms for security teams to diagnose. But by understanding the attackers’ motivations, security teams can proactively approach insider threat defense. To mitigate insider threats, successful organizations use comprehensive approaches.

They might use security software that:

  • Maps accessible data
  • Establishes trust mechanisms: granting access, revoking access, and implementing multi-factor authentication (MFA)
  • Defines policies around devices and data storage
  • Monitors potential threats and risky behavior
  • Takes action when needed

Know your users

  • Who has access to sensitive data?
  • Who should have access?
  • What are end-users doing with data?
  • What are administrators doing with data?

Know your data

  • What data is sensitive?
  • Is sensitive information being exposed?
  • What risk is associated with sensitive data?
  • Can admins control privileged user access to sensitive data?

Mobile is the New Attractive Avenue for the SCAMMERS

Nearly 84 percent of the world’s population now own a smartphone, and our dependence on them is growing all the time. It becomes an unimaginable task to spend a second without your mobile.

What you may or may not know is that, alongside all their smart benefits, these devices are surfacing as one of the fastest-growing attack surfaces.

As per the global report commissioned by private company Zimperium, more than one-fifth of mobile devices have encountered malware. And four in ten mobiles worldwide are vulnerable to cyber-attacks.

Remember! It just takes One Device to Gain Access to Your Company’s Network.

Businesses may not realize that mobile security may be their weakest link. A cybercriminal must only break into one unprotected mobile device (mobile phone, laptop, or tablet) in a company to access the whole network. This type of intrusion can be crippling to an SMB, costing the company revenue, disrupting its operations, endangering its critically essential data assets, and ruining customer relationships.

What makes mobile devices so attractive to cybercriminals?

You carry mobile phones wherever you go, exposing them to more networks daily. Not to mention that mobile phones contain a great deal of personal information and give various access to cyber criminals.

Cybercriminals can get your bank details, email, social media accounts, text messages, and other sensitive information by accessing your phone. One device is all a cybercriminal needs to reach your personal information.

But how will you keep your mobile phones safe from such cyber-attacks?

By now you know why mobiles are prone to cyber-attacks; so what can you do to ensure that your mobile phones are secure?

Bring more security to your devices by following these essential tips:

1. Stay alert for suspicious URLs

If you get an email asking you to click a URL to win a prize or a free holiday trip, don’t click! Such links can lead to cybercrime and may release viruses on your mobile devices.

2. Check the software you install on the device

You will have noticed that almost every application requests access to your mobile phone’s photos, contacts, and camera. Don’t grant that access unless the application comes from a trusted provider; it can save you big trouble.

3. Avoid using open WiFi networks

When you connect your device to a free public WiFi network, check with the staff what the network’s official name is and how secure it is. Cyber attackers can set up fake WiFi access points whose names look similar to the original. For instance, “sh0pping mall” instead of “shopping mall”. Such fake WiFi networks can ask you to provide sensitive information and then, later, sell it on the dark web.
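
The “sh0pping mall” lookalike above can be caught programmatically. The following is an added example, not code from the original article: given the names of trusted networks and the names currently visible, it maps common homoglyphs (0 for o, 1 for l, and so on) to plain letters and flags near-duplicates. The CONFUSABLES table and the sample SSIDs are constructed for this example.

```python
import unicodedata

# Constructed table of look-alike characters an attacker might substitute into a rogue SSID.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "@": "a", "$": "s", "|": "l", "!": "i",
}


def normalize(name):
    """Fold case, strip accents and extra whitespace, and map homoglyphs to plain letters."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in folded.lower())
    return " ".join(folded.split())


def edit_distance(a, b):
    """Levenshtein distance between two strings (dynamic programming, one row at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify_ssids(observed, trusted, max_distance=1):
    """Return {ssid: verdict}, where verdict is 'trusted', 'lookalike' or 'unknown'.

    A visible name is 'lookalike' when, after normalization, it equals a trusted name
    or is within `max_distance` edits of one, but is not literally on the trusted list.
    """
    trusted_norm = {normalize(t) for t in trusted}
    verdicts = {}
    for ssid in observed:
        if ssid in trusted:
            verdicts[ssid] = "trusted"
            continue
        n = normalize(ssid)
        if n in trusted_norm or any(edit_distance(n, t) <= max_distance for t in trusted_norm):
            verdicts[ssid] = "lookalike"
        else:
            verdicts[ssid] = "unknown"
    return verdicts


if __name__ == "__main__":
    # Constructed sample: one genuine network and several names seen nearby.
    trusted = ["shopping mall"]
    observed = ["shopping mall", "sh0pping mall", "Shopping  Mall", "shoppingmall", "CoffeeShop-Guest"]
    for ssid, verdict in classify_ssids(observed, trusted).items():
        print(f"{ssid!r}: {verdict}")
```

A device-management agent can run the same check against the corporate SSID list and refuse to auto-join anything classified as a lookalike.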

4. Use an anti-malware solution

To manage devices and ensure a high level of security, we recommend installing an anti-malware application on your mobile device. Such an application raises an alert when it finds something suspicious and reduces the chances of a successful attack.

Final Verdict

While choosing the right cybersecurity solutions for businesses, make sure you look for the following:

Perimeter Protection

A method of threat management that lets you create a firewall protecting the company’s networks, systems, and data from external threats such as malware, viruses, and many more.

Private Network Access

Secure access to the specific company apps and data that need it, without opening up the entire network.

Mobile Device Protection

Cloud-based security solutions that keep company employees protected irrespective of how or where they access the internet.

Monitoring and Remediation

Uses artificial intelligence (AI) to proactively search PCs, tablets, and servers for threats, quickly detecting issues and providing remediation.

IoT & The rise of Botnet Attacks

Before reading this article, take a minute to count all the devices you own! In our day-to-day life, we use various electronic devices to make our lives comfortable and smart, but do we really need that many devices?

For the sake of “convenience” and “laziness,” we are letting cyber attackers use our gadgets to take down systems (DDoS attacks), making us part of that crime ring without our intention or knowledge.

The Internet of Things (IoT) describes the network of physical objects (“things”) embedded with software, sensors, and other technologies to connect and exchange data with other devices and systems over the Internet. There’s a comprehensive range of ‘things’ that fall under the IoT umbrella:

  • Internet-connected ‘smart’ versions of traditional appliances such as refrigerators and light bulbs.
  • Gadgets like Alexa-style digital assistants that could only exist in an internet-enabled world.
  • Internet-enabled sensors transforming healthcare, factories, distribution centers, and transportation.

The IoT brings data processing, internet connectivity, and analytics to physical objects. It can make manufacturing processes and delivery systems in major business settings as efficient as the internet has long made information work. Billions of embedded internet-enabled sensors provide an incredibly rich set of data that organizations can use to improve the safety of their operations, track assets, and reduce manual processes.

Machine data can be used to predict whether equipment will break down, giving manufacturers advance warning to prevent long periods of downtime. Researchers can likewise use IoT devices to gather data about consumer preferences and behavior. However, that can have serious implications for privacy and security.

So, how big is IoT?

There were more than 50 billion IoT devices in 2020, generating 4.4 zettabytes of data. (A zettabyte is a trillion gigabytes.) In 2013, IoT devices produced a mere 100 billion gigabytes. The IoT market also generates staggering revenue, estimated at around $1.6 trillion to $14.4 trillion by 2025.

In its Global IoT Forecast, IoT Analytics Research predicts 27 billion active IoT connections by 2025.

IoT applications

Business-ready and SaaS IoT applications

Intelligent IoT applications, built on prebuilt software-as-a-service (SaaS) applications, can analyze IoT sensor data and present it to business users through dashboards.

IoT applications use AI algorithms to analyze massive amounts of connected sensor data in the cloud. Using real-time IoT dashboards and alerts, you gain visibility into key performance indicators, statistics for mean time between failures, and other information. AI-based algorithms can identify equipment anomalies, send alerts to users, and trigger automated fixes or proactive countermeasures. With cloud-based IoT applications, business users can quickly improve existing processes for supply chains, customer service, human resources, and financial services.

Some other applications are in:

  • Manufacturing Industry – Product Monitoring
  • Tracking of Physical Assets
  • Human wearables – health monitoring
  • Geo-tagging & environmental conditions etc.

IoT security and vulnerabilities

IoT devices have earned a bad reputation for security. Laptops and smartphones are general-purpose computers designed to last for years, with complex, user-friendly operating systems that now have automated patching and security features.

IoT devices are basic devices with stripped-down operating systems. They are designed for single tasks and minimal human interaction and cannot be patched, monitored, or updated. Since many IoT devices are ultimately running a version of Linux under the hood with various network ports open, they make tempting targets for hackers.

The Mirai botnet, built by a teenager telnetting into home security cameras and baby monitors that had easy-to-guess default passwords, ended up launching one of the largest DDoS attacks in history.

Coming to bots and botnet attacks:

A bot is a software program that executes an automated, usually repetitive, task. Bots make up 38% of all internet traffic, with bad bots generating one in five website requests. Bad bots perform malicious tasks that allow an attacker to take control of an affected computer remotely. Once infected, these machines may also be referred to as zombies. These days, bad bots are big business, with cybercriminals using them to access accounts, attack networks, and steal data fraudulently.

Many types of malware infect end-user devices intending to enlist them into a botnet. Devices that get infected start communicating with a Command and Control (C&C) center and can perform automated activities under the attacker’s central control.

Botnet owners use them for large-scale malicious activity, commonly Distributed Denial of Service (DDoS) attacks. However, botnets can also be used for other malicious bot activity, such as spam or social bots.

Types of Bots:

Both legitimate and malicious bots are present on the Internet; below are some common examples of bots.

Spider Bots

Spider bots are web spiders or crawlers that browse the web by following hyperlinks to retrieve and index web content.

If you have numerous web pages, you can place a robots.txt file in the root of your web server to provide instructions to bots, specifying which parts of your site they can crawl and how frequently.

Scraper Bots

Scrapers read data from a website to save it offline and enable its reuse. This may take the form of scraping the entire content of web pages, or scraping web content to obtain specific data points, such as names and prices of products on eCommerce sites.

Web scraping is a gray area: in some cases, scraping is legitimate and may be permitted by website owners. However, in other instances, bot operators may be violating website terms of use or leveraging scraping to steal sensitive or copyrighted content.

Spam Bots

A spambot is an Internet application that harvests email addresses for spam mailing lists. A spam bot can collect email addresses from websites, social media sites, businesses, and organizations, leveraging the specific format of email addresses.

After attackers have amassed an extensive list of email addresses, they can use them not only to send spam emails but also for other nefarious purposes:

Credential cracking

Pairing email addresses with common passwords to gain unauthorized account access.

Besides the damage to end-users and organizations affected by spam campaigns, spam bots can also choke server bandwidth and drive up Internet Service Provider (ISP) charges.

Social Media Bots

Social media bots generate messages automatically to gain followers and advocate ideas. For example, it is estimated that 9-15% of Twitter accounts are social bots.

Social bots can be used to infiltrate groups of people and propagate specific ideas. Since there is no rule against this activity, social bots play a significant role in online public opinion.

Social bots can create fake accounts to amplify the bot operator’s message and generate fake followers/likes. Unfortunately, it isn’t easy to identify and mitigate social bots because they can exhibit very similar behavior to real users. 

Download Bots

Download bots are automated programs that can be used to download software or mobile apps automatically. They are used to attack download sites, creating fake downloads as part of an application-layer Denial of Service (DoS) attack.

Ticketing Bots

Ticketing bots are used to automatically buy tickets for popular events and resell them for more money. Unfortunately, this practice is illegal and annoys consumers, ticket sellers, and event organizers.

Ticketing bots tend to be very sophisticated, mimicking the behavior of human ticket buyers.

Bot Traffic detection

Below are some parameters for detecting bot traffic in web analytics:

Traffic trends

An abnormal increase in traffic can sometimes signify bot activity, and this is particularly true if the traffic occurs during odd hours.

Bounce rate

Abnormal highs or lows may signal a dangerous bot.

For example, bots that land on a single page of the site and then switch IP addresses will show an abnormally high bounce rate.

Traffic sources

During a malicious attack, the primary channel giving traffic is “direct” traffic, and the traffic will consist of new users and sessions.

Server performance

A slowdown in server performance may signal bots.

Suspicious IPs/geo-locations

A spike in activity from an unknown IP range or from a region where you do not do business. Humans generally request a few pages and not others, whereas bots will often request all pages.

Language source

Hits from languages your customers do not typically use.

The criteria above only provide a rough idea of bot activity. Keep in mind that sophisticated malicious bots can generate a realistic, user-like signature in your web analytics. Therefore, it is advisable to use a dedicated bot management solution that provides a clear view of the bot traffic.
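
The heuristics above can be scored automatically. The following is an added example, not code from the original article or from any bot-management product: it runs the page-coverage, odd-hours, traffic-source, language and burst checks over a constructed sample log and flags clients that trip several at once. The log format, SITE_PAGES and EXPECTED_LANGS are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real traffic). Format: "ip [ISO timestamp] path referer accept-language".
# 203.0.113.7 hits every page in seconds, at 03:00, with no referer and an unexpected language.
SAMPLE_LOG = """\
203.0.113.7 [2024-05-01T03:12:01] /index.html - ru
203.0.113.7 [2024-05-01T03:12:02] /products - ru
203.0.113.7 [2024-05-01T03:12:02] /about - ru
203.0.113.7 [2024-05-01T03:12:03] /contact - ru
203.0.113.7 [2024-05-01T03:12:03] /blog - ru
203.0.113.7 [2024-05-01T03:12:04] /careers - ru
198.51.100.22 [2024-05-01T14:05:10] /index.html https://search.example/ en-US
198.51.100.22 [2024-05-01T14:07:44] /products https://shop.example/index.html en-US
192.0.2.9 [2024-05-01T09:30:00] /blog https://social.example/ en-GB
"""

LINE_RE = re.compile(r"^(\S+) \[([^\]]+)\] (\S+) (\S+) (\S+)$")

# Assumed site inventory and customer languages (placeholders for the example).
SITE_PAGES = {"/index.html", "/products", "/about", "/contact", "/blog", "/careers"}
EXPECTED_LANGS = {"en"}


def parse_log(text):
    """Yield (ip, datetime, path, referer, lang) per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ip, ts, path, referer, lang = m.groups()
            yield ip, datetime.fromisoformat(ts), path, referer, lang


def profile_clients(text):
    """Group requests by client IP: {ip: [(datetime, path, referer, lang), ...]}."""
    clients = defaultdict(list)
    for ip, ts, path, referer, lang in parse_log(text):
        clients[ip].append((ts, path, referer, lang))
    return clients


def score_client(requests, site_pages=SITE_PAGES, expected_langs=EXPECTED_LANGS):
    """Apply the article's heuristics to one client's requests; return (score, signals)."""
    signals = []
    n = len(requests)
    if len({r[1] for r in requests}) >= 0.8 * len(site_pages):
        signals.append("crawled_most_pages")       # bots tend to request every page
    if sum(1 for r in requests if r[0].hour < 6) > n / 2:
        signals.append("odd_hours")                # traffic concentrated in 00:00-05:59
    if sum(1 for r in requests if r[2] == "-") > 0.8 * n:
        signals.append("direct_traffic")           # no referer on almost every request
    if any(r[3].split("-")[0].lower() not in expected_langs for r in requests):
        signals.append("unexpected_language")      # language the customer base never uses
    if n >= 5:                                     # burst check needs enough samples
        span = (max(r[0] for r in requests) - min(r[0] for r in requests)).total_seconds()
        if n / max(span, 1.0) > 1.0:
            signals.append("request_burst")        # more than one request per second
    return len(signals), signals


def flag_bots(text, threshold=3):
    """Return {ip: (score, signals)} for clients whose score reaches the threshold."""
    flagged = {}
    for ip, reqs in profile_clients(text).items():
        score, signals = score_client(reqs)
        if score >= threshold:
            flagged[ip] = (score, signals)
    return flagged


if __name__ == "__main__":
    for ip, (score, signals) in flag_bots(SAMPLE_LOG).items():
        print(f"{ip}: score {score}, signals {signals}")
```

Feeding the flagged IPs into a rate limiter or a CAPTCHA challenge, rather than blocking outright, keeps false positives from locking out real customers.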

Managing Bot Traffic: Basic Mitigation Measures

There are some simple measures you can take to block at least some bots and reduce your exposure to bad bots:

  • Place robots.txt at the root of your website to define which bots can access your website.
  • Add CAPTCHA to comment, sign-up, and download forms to block spam and download bots.
  • Use a JavaScript-based notification that raises an alert whenever a bot is seen entering the website.
