Trend Micro

Meinrad Happacher

5G - A security risk?

Trend Micro, a provider of cybersecurity solutions, has published a study highlighting new threats to 4G/5G campus networks. Many attacks specifically exploit the difficulties organizations face in patching critical OT environments.


The study describes several attack scenarios and possible protective measures. The test environment mimics the conditions of a smart factory campus network. "The manufacturing industry is at the forefront of IIoT implementation and is gearing up with 5G to be fully connected and increase speed, safety and efficiency. But with technological innovation comes new threats on top of old challenges," says Udo Schneider, IoT Security Evangelist Europe at Trend Micro. "As the study shows, many organizations are in a bind - they can't afford the downtime necessary to patch critical system vulnerabilities that could otherwise be exploited. Our research highlights protective measures and best practices to secure smart factories today and in the future."

The study by Japanese security provider Trend Micro identifies key entry points through which cybercriminals can compromise 4G/5G core networks:

  • Servers hosting core network services: Attacks target vulnerabilities and weak passwords in standardized COTS (commercial off-the-shelf) servers based on x86 architectures.
  • Virtual machines (VM) or containers: These can also be vulnerable if the latest patches are not applied promptly.
  • Network infrastructure: Appliances are often overlooked during patching cycles.
  • Base stations: These also contain firmware that needs to be updated from time to time.

Once the attacker gains access to the core network via one of these vulnerabilities, they will attempt to move laterally to intercept and modify network packets. By attacking industrial control systems in smart manufacturing environments, such as the test environment, cybercriminals could steal sensitive data, sabotage production or blackmail the company.


Udo Schneider, Trend Micro: "With 5G, new threats are added to the old challenges."

© Trend Micro

Of the eleven attack scenarios highlighted, one of the most potentially damaging is an attack on Microsoft RDP (Remote Desktop Protocol) servers, which are commonly used by IT and field service technicians. The upgrade to 5G does not automatically protect RDP traffic, so attackers can use this access to download malware and ransomware or directly hijack industrial control systems. RDP 10.0 is the most secure version and may offer some protection against these attacks. However, even here it can be difficult for companies to upgrade.

The study makes the following recommendations for protecting 4G/5G campus networks:

  • VPN or IPSec to protect remote communication channels, including to remote sites and base stations.
  • Encryption at the application level (HTTPS, MQTTS, LDAPS, encrypted VNC, RDP version 10.0 and secure industrial protocols such as S7COMM-Plus).
  • EDR, XDR or MDR (Detection & Response) for monitoring attacks and lateral movements within the campus and the containerized core network.
  • Proper network separation with VLAN or SDN.
  • Prompt patching of servers, routers and base stations, if possible.
  • Anomaly detection products, such as Trend Micro Mobile Network Security, that recognize the campus network and provide a robust way to shut down unknown device/SIM card pairs.

The three current types of core networks and their characteristics.

© Trend Micro

Both end users and various other stakeholders are involved in setting up a mobile network in a corporate environment. These include service providers and integrators. In addition, private 4G/5G networks form a large-scale infrastructure and have a long lifespan. Once built, they are difficult to replace or change. For this reason, it is important to implement "security by default" and thus identify and minimize security risks as early as the design phase.
