Do traditional IT threats impact real-world private 5G networks?

3 mins.
IT factory environment with its 5G connections; smart industry; with cybersecurity lock sign

The conventional view that private 5G networks are unbreakable because they are isolated and more secure than older technologies (3G/4G) is a common one. Spoiler alert: there are still risks! Despite rigorous testing and certification required before installation, anomalies and potential security breaches can – and do – occur due to diverse usage patterns and many different types of applications. 

While new types of communication technologies (CT) are not yet common targets, exploits and attacks used against traditional IT deployments can still impact private network deployments.

This case study highlights an recent event that occurred in a private 5G environment, demonstrating that these networks may not be as “private” as assumed, and in the end, how CTOne helped the customer to proactively understand and mitigate the issue and risks from it.

Background

During a recent digital transformation project, the organization looked at the options for networking and chose private 5G over Wi-Fi. Driven by the deployment of on-site AI applications and their need for high transmission speeds, wide bandwidth, and extensive IoT device connectivity, the criteria driving their choice was the requirement to ensure a more secure connection that included enhanced stability and network quality.

While access to the private 5G network is selectively provided to specific users and applications, it is easily accessible based on the submission of a simple web request. Consequently, monitoring for abnormal events or misuse of the 5G service is essential, combined with the ability to proactively respond to the detection of any unusual behavior.

With the potential to expose sensitive user information, the organization was especially risk averse, working with CTOne to prioritize security alongside performance, emphasizing visibility and the ability to fully understand their security posture and manage risks effectively within their new private 5G network.

Customer Project

The organization is leveraging private 5G for public area use. Upon approval, individuals are able to access private 5G network services for applications using AI, AR, VR, and automated guided vehicles (AGV).

Private 5G Environment

  • No Operator, only system integrator and service providers provide the complete private 5G environment
  • RAN/5GC provider dependent
  • 5G Standalone (SA) architecture
  • Dedicated spectrum for private 5G network
  • Number of UE: over 100 Endpoints on the fields

Event Details

The customer’s private 5G deployment was operational and effectively supporting key applications. However, leveraging the CTOne solution, abnormal events were detected at N3 from various endpoints, involving TCP SYN Flood and ICMP Flood, and the data traffic was blocked at N3.

The logs indicated a significant number of TCP SYN packets were potentially being sent from an approved endpoint device. The ICMP flood detected had an ICMP Type of Destination Unreachable (ICMP type 3). These ICMP unreachable messages can be generated due to TCP, UDP, or ICMP messages. UDP flood/scan is the most common cause of these ICMP unreachable messages.

Expert info

What is a SYN flood attack?

A SYN flood, also known as a half-open attack, is a type of denial-of-service (DDoS) attack designed to render an IT server unavailable to legitimate traffic by exhausting its resources. This is achieved by continuously sending initial connection request (SYN) packets, overwhelming all available ports on the targeted server. As a result, the targeted device responds sluggishly or fails to respond at all to legitimate traffic.

What is a Ping flood attack?

A ping flood is a denial-of-service attack where the attacker floods a targeted device with ICMP echo-request packets, aiming to overwhelm it and render it inaccessible to normal traffic. When this attack originates from multiple devices simultaneously, it escalates into a distributed denial-of-service (DDoS) attack.

For the observed behavior, the relevant attack vectors are both connected devices and remote.

User Equipment (UE) such as mobile phones and cellular IoT devices. Also includes SDR UEs.

Adversary can execute these attacks from external networks by sending network packets.

The CTOne Solution

CTOne delivers a joint defense solution for securing private 5G deployments, including protection across the endpoint and network layers:

Endpoint layer:

  • CTOne SIM card solution with endpoint protection

Network layer:

  • TMMNS Inspector deployment: N3
  • Mode: Inline
  • Host OS: RHEL 8
  • Hypervisor: KVM

*Solution Deployment

*Management console for real-time endpoints’ security visibility

*Threat Visualization

Key Findings

  1. Private 5G, like IT networks, are susceptible to attacks. In this use case of a private 5G network that is open to the public or accessible to specific users with minimal vetting increases the possibility of different types of attacks.
  2. Abnormal behavior could potentially negatively impact the performance of 5G application services from various forms of DDoS attacks.
  3. While the vulnerability in this case does not directly involve the 5G core itself, this example demonstrates that private 5G networks can be disrupted from the endpoint, highlighting its vulnerability despite being perceived as a closed and secure environment. To learn more about the 5G vulnerabilities discovered by CTOne’s threat experts, please visit:
    The imperfect 5G core network infrastructure platform may become a potential cybersecurity vulnerability for enterprises – CTOne
    Attacks on 5G Infrastructure From Users’ Devices | Trend Micro (US)
    Attacks on 5G Infrastructure From User Devices: ASN.1 Vulnerabilities in 5G Cores | Trend Micro (US)
  4. Even though it may be considered a typical IT incident, without a security solution deployed with N3 inspection capabilities, the traffic remains invisible. Meanwhile, if an enterprise only deploys an IT firewall at N6, it will miss the attack, as they originate from the endpoint rather than the data network side.
  5. Our joint defense approach performed flawlessly, not only blocking the traffic at N3 but also automatically severing connections to corrupted endpoints and stopping them from executing further attacks.
  6. The impacted endpoints were quickly identified and displayed on the CTOne management console, highlighting the power of real-time monitoring of private 5G security events.

More To Explore

Netcube Inc.

Netcube is a leader in mobility management solutions for enterprise networking, renowned for its acclaimed authentication and IP automation technologies. Netcube also specializes in implementing 5G connectivity across various industry applications. As an official sales channel partner of CTOne in Korea, we collaborate to offer private 5G enabler solutions with comprehensive security measures. These solutions leverage network slicing-based security controls and ensure industry-specific guaranteed mobility networking.

SpectrEdge

As a professional 5G telecommunication networking solution vendor,  SpectrEdge and CTOne combined solution delivers rapidly deployable 5G Networking with Industry-Leading Security designed for financial, defense, and public safety markets.

Neutroon

Neutroon and CTOne revolutionize wireless management and cybersecurity, offering 'API First' network control, security, and edge orchestration. Neutroon's unified management spans radio, core, devices, and applications, while CTOne enhances end-to-end security. This collaboration empowers CSPs and enterprises with a scalable, intelligent platform for 5G/LTE.

Pegatron

With a strong focus on operational security, the combination of Pegatron`s end-to-end private 5G offerings and CTOne`s cybersecurity solution enables a more effective approach to enabling smart factories. By addressing critical operational and cybersecurity needs, the joint solution enables modern enterprises to realize the true value of next-generation wireless deployment in their smart factories.

Nexcom

As a certified hardware platform partner, NEXCOM’s hardware appliances have been tested and certified as compatible with CTOne's virtualized private 5G security solution. As a certified solution, global organizations are able to confidently harness the power of CTOne’s leading cybersecurity capabilities in combination with NEXCOM's extensive capabilities in Edge AI, Fixed Wireless Access (FWA), private 5G, and secure IoT connectivity.

Saviah

The joint Saviah-CTOne solution leverages Saviah's cost-effective, high-performance, reliable, and interoperable industrial-grade 5GC service and CTOne's proven end-to-end security. The result: a more secure and easier to manage private mobile network environment for enterprises with the ability to leverage the major features and versatility of 5G.

Inventec

Securing OT environments connected to CT networks, the integration of Inventec's Smart Factory DX solution with CTOne extends our security capabilities beyond CT into OT. With our joint solution, we offer enterprises an end-to-end service encompassing IT, OT, and CT, complete with a holistic cybersecurity strategy to support enterprises during digital transformation.

Ataya

The integration of Ataya’s Harmony solution with CTOne provides enterprises with comprehensive connectivity and security visibility across 5G, Wi-Fi, and wired networks. With this joint solution for hybrid networks, enterprises gain full security visibility into Ataya’s Universal Connectivity Platform while supporting a zero-trust strategy and reducing the effort and cost associated with security management.

This website uses cookies for website functionality, traffic analytics, personalization, social media functionality and advertising. Our Cookie Notice provides more information and explains how to amend your cookie settings. Learn more