Focus Areas:
βοΈ Governance, Risk & Compliance
, π Telecommunications Security
, π Network Security
, π― Penetration Testing
Presentation Material
AI Generated Summary
Here is a summary of the content:
Initial Attack
- An attacker exploited a DNS server, which could be from another operator.
- They created a GTP tunnel to exit to the core network.
- They used a VPS server as a command and control (CNC) server.
Lateral Movement
- The attacker performed internal lateral movement in the telecom operator’s network.
- They gathered data they wanted to cover and sent it via TTP.
Evasion of Detection
- The attacker used legitimate traffic protocols, making it difficult for operators to detect the malicious activity.
- Operators may not have been following security-wise compliance or government compliance, which contributed to the difficulty in detecting the attack.
5G Infrastructure Update
- 5G is an all-IP protocol that uses HTTP/2 and JSON for communication.
- It relies on mutual authentication between the subscriber and the core network.
- The core network defines whether a particular subscriber is legitimate or not, using a security anchor function.
Challenges in Compliance
- There are two types of compliance: security-wise and government compliance.
- Operators may not follow compliance rules, making it difficult to detect attacks.
- Vendors may not cooperate or provide necessary facilities without additional licenses.
Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview β always refer to the original talk for authoritative content. Learn more about our AI experiments.