SecurityGen sends in BAS as hackers hold farmers to ransom
Cyber crime fighter SecurityGen has launched the Artificial Cybersecurity Expert (ACE), a ‘breach and attack simulation’ (BAS) system designed to let mobile network operators (MNOs) continuously assess their security against the latest threats identified by intelligence agencies. It could be a timely launch, as news of an emerging Internet of Things (IoT) threat to telcos was announced by the FBI.
The US Federal Bureau of Investigation (FBI) released a paper outlining the new trend in ransomware – attacking farms when they are negotiating the most dangerous handovers in the supply chain. According to the FBI, it has been informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss and disrupting the food supply chain.
Holding food to ransom
Ransomware attacks took place against six grain cooperatives during the Autumn 2021 harvest, and there were two attacks in the spring of 2022 that could affect the planting season by disrupting the supply of seeds and fertiliser. Agriculture is increasingly run by the IoT, especially since labour shortages were brought on by events such as Covid, Brexit and immigration control measures. Many IoT installations are insecure since there are too many devices on the network for operators to configure individually. Many are left on factory settings and are easily hacked, because default passwords for well-known gadgets are shared on hackers’ websites.
Find the weak spots
ACE works by identifying and reporting potential gaps and vulnerabilities within the mobile operator’s network. It then carries out simulations of real-world attacks on these weak spots to assess their seriousness and the potential damage that a real attack could cause. It then generates a detailed security ‘posture’ report that includes remediation guidance to help the operator address the vulnerabilities and prevent future security breaches before they happen.
“Operators want fast inspections and efficient assessments of the security of their networks. Manual assessment techniques are expensive, intense and need specialist expertise,” said SecurityGen CEO Amit Nath. As a result, operators skimp on them and mobile networks are left open to attack. If these are not detected, they will lead to outages, denial of service attacks and even ransom demands.
Cloud encourages team work
ACE provides critical assessment of signalling network security and GSMA compliance tests, and its range runs from 5G networks to legacy platforms like HTTP/2, Diameter and SS7 signalling, and the GTP protocol. SS7 is still regarded as a major weakness. In response, ACE has an in-built AI module that aims to fine-tune its performance by incorporating data from events and attack vectors identified in the field.
The ACE platform is cloud based, so operators don’t need to install it directly or reconfigure their network. The cloud flexibility means it works with different teams within the same operator and lets them carry out inspections. The core network team’s security needs are different to those of the RAN team, and the customer experience team’s views are alien to the fraud team.
Each IoT is uniquely vulnerable
“Every mobile network has a unique infrastructure, with different equipment, configurations, and multiple other variables,” said SecurityGen CTO Dmitry Kurbatov, “new technologies like 5G, Virtualisation, Cloud, Artificial Intelligence, Internet of Things and disaggregation mean mobile networks are far more complex and dynamic than ever before.” It gets even harder when operators have to blend 2G, 3G, and 4G/LTE networks. The arrival of 5G was the last straw, according to Kurbatov.
Meanwhile the FBI paper says a variety of ransomware variants are being primed for ransomware attacks. Telco security should look out for names like Conti, BlackMatter, Suncrypt, Sodinokibi and BlackByte.