Does speedier connectivity with 5G lead to faster attacks?

RANKED first for its digital infrastructure in the Economist Intelligence Unit's latest Asian Digital Transformation Index, Singapore has announced plans to roll out at least two 5G networks by 2020 to continue empowering its Smart Nation ambitions. This decision comes as no surprise as the implications of 5G are tremendous. With low latency and extremely high bandwidth, 5G networks will be able to support up to one million devices per square kilometre. This is significant given that IDC predicts that there will be 41.6 billion connected Internet of Things (IoT) devices by 2025 globally.

However, the benefits derived from 5G can also be used for nefarious purposes. The sheer volume and speed of data flows on 5G coupled with the increased number of devices expected on these networks provide threat actors with a greater surface area to launch their attacks. This is becoming a cause for concern for regulators, policymakers and service providers worldwide.

5G's new wave of vulnerabilities

IoT has come a long way, from the invention of the toaster that could be controlled over the Internet in 1990, to connected smart home devices like Amazon's Alexa, and now, to systems that control public infrastructure, such as power grids. As Singapore progresses towards its Smart City ambitions, one fact remains unchanged - IoT devices continue to be one of the most exploitable toolsets in a cybercriminal's arsenal due to the unregulated nature of the IoT industry.

The fact that manufacturers are still producing IoT devices without security in mind, combined with the billions of IoT devices lacking the necessary security protection, means that threat actors have ample opportunities to launch their attacks without having to invest in expensive resources.

Earlier this year, a firewall vulnerability allowed hackers to attack the US power grid, causing outages - all thanks to a firmware that the operator had failed to update. Furthermore, security analysts have detected a group of hackers scanning power grids across the US in search of access into the larger network. Not surprising given that both US and Russia have been constantly launching cyberattacks on each other's power grids as part of their political power play. Attacks like these would have a devastating impact on smaller nations like Singapore. A successful attack would not only have a crippling effect on the city-state but could also dent the public's confidence in its Smart Nation projects.

The rise of IoT devices also brings with it the rise of thingbots that further exacerbate this problem. Just like a crack that forms on a dam, a single compromised IoT device is enough to create a flood of cyberattacks to take down critical systems.

If you are using a webcam that was manufactured before 2010 that has not had its firmware updated, the devices can be easily exploited by cybercriminals to propagate malware throughout the larger network infrastructure. All cybercriminals need to do now is to scan for and apply brute force to vulnerable devices, install malware, and "auto build" thingbots to enable the attack to take its course.

Case in point, the StarHub broadband outage in October 2016 was caused by hackers leveraging common devices such as webcams and digital recorders to launch an attack on StarHub's own network. On the two occasions that it happened, home broadband subscribers could not access the web.

Securing your business on 5G

To have a fighting chance against these threats, it is crucial for regulators and government agencies to not only create guidelines to educate businesses and how to be better prepared in the face of these threats, but also enforce regulations that require IoT manufacturers to design products with security in mind.

In Singapore for example, the Infocomm Media Development Authority of Singapore (IMDA) launched an IoT Cyber Security Guide earlier this year for IoT developers, providers and users. The IMDA knows that threats will continue to evolve and sees this as a "living" document that will be constantly updated to feature new trends and recommendations that would be of relevance to all concerned parties.

IoT manufacturers and Service Providers, too, have a role to play in ensuring security remains a top priority in product design, and to release regular firmware updates to ensure devices can deflect new strands of IoT attacks as more connected devices are deployed on 5G networks.

For businesses using IoT devices, it is vital to have in place a mitigation strategy, as well as a robust security framework factor in a Distributed Denial of Service (DDoS) prevention. It is also critical for businesses to educate employees about the potential dangers of IoT devices and how to use them safely to safeguard their systems.

While there is no panacea for all our cybersecurity woes, having the right mix of antibiotics would go a long way in building up our immunity against these evolving threats in the brave new world of 5G.