Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Is Your IT Security Built to Withstand 5G?

October 15, 2019

  • Blog
  • Archive

After many years of promises, we’re finally on the cusp of the 5G era. 5G, a new, cellular wireless technology, is expected to provide connectivity to everything and perform data transfers at speeds that far exceed anything we have seen in the past. It will truly be the golden age of communication, automation, and barring privacy and government restrictions, everywhere and at any time.

5G will disrupt mobile device technology, unseatting 4G, LTE, and older 3G and 2G technologies. Home and commercial broadband and internet access will change and not require cable, POTS, satellite, or even fiber to provide high speed access - to everyone. New applications for information sharing will emerge between devices and people.

Oh—and the security ramifications will become a potential concern for everyone and everything. This requires particularly careful consideration.

According to Verizon wireless, the throughput of 5G will peak at 10Gbps (compared to 953 Mbps for 4G LTE) and accessible to devices traveling at 310 mph. This means any 5G device--mobile phone, IoT, and other—will be able to transmit or receive incredibly large quantities of data, even when traveling at speeds above any land-based transportation, and nearly half the speed of a commercial airliner. This creates a new attack vector for threat actors that the world has not seen before.

Here are some of the significant cybersecurity challenges posed by 5G:

  • Large quantities of data can be exfiltrated from an organization in a few seconds via a 5G-enabled device
  • Large quantities of data exfiltration no longer require hacking the cloud, removable media, nor egressing data via a firewall. They can route through a cellular network with a malicious 5G device that has access to an organization’s information.
  • Threat actors can now use “true drive-by” hacking techniques to communicate with rogue or compromised 5G devices to exfiltrate data, perform command and control, or maintain a persistent presence because communications to compromised or rogue 5G devices can occur at high velocities. If you consider over 400 million 5G-enabled devices are expected to be shipped in 2022 alone, hacking the devices will become a new attack vector for a persistent presence.
  • Finally, 5G represents a new attack vector for Distributed Denial of Service attacks. (DDOS). Due to the high bandwidth, low latency (up to 120x less than 4G), mobile nature, difficulty potentially with tracking geolocation based on privacy and carriers, infected 5G devices could be the largest botnet to attack “anything” since the Mirai Botnet, which occurred 2016.

These should not stop the deployment of 5G. In fact, enterprise cyber defenses for these new types of attacks and data exfiltration may begin to employ certain military tactics. These include:

  • Using “jammers” to block cellular communications from within sensitive networks and buildings that may allow access to data via traditional wired or wireless networks. While these are considered illegal today, I do believe changes will be required to protect sensitive environments, especially government installations.
  • For the most sensitive environments, organizations may want to consider deploying a “no electronic device” allowed policy before entering a data center or network-accessible building. This typically requires that all staff and visitors store all of their electronics in a secure locker before entering a building. This should help reduce the risk of a threat actor bringing in a rogue 5G device, but it does not eliminate the threat if they conceal the device and it is small enough (i.e. a raspberry PI enabled with 5G, ethernet, and hacking software)
  • Organizations may also consider a commercialized electromagnetic pulse generator (EMP) to “fry” any electronics in a staging room before a user enters the secure area. This is a technique governments have been using to protect against hostile surveillance equipment for years.

While the threat of hacking using 5G is very real, organizations may also want to adopt one simple additional policy. No bridging of 5G-enabled devices to the corporate network. That is, if your device is 5G-enabled, do not allow wired and wireless connections to be active at the same time. While this is not perfect, it does prevent a 5G device from becoming that gateway into a network. This is very similar to many existing policies that prevent laptops from having wired (Ethernet) and wireless (WiFi) communications enabled at the same time.

5G will change our lives—the benefits it confers are many. But, with tremendous amounts of data and speed pervasively available, it will necessitate the right security and judicious policies. New hacking techniques will emerge and threat mitigation strategies will have to evolve too. In some ways, this all represents a security theme that’s been repeated over and over, leading us now to a new phase of hyper-acceleration of data theft.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

Whitepapers

Evolving Privileged Identity Management (PIM) In The 'Next Normal'

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.