GSMA
Mobile Telecommunications Security Landscape
February 2024
This is an information paper of the GSMA
Security Classification: Non-confidential
Access to and distribution of this document is restricted to the persons permitted by the security classification. This document is subject to copyright protection and is to be used only for the purposes for which it has been supplied and information contained in it must not be disclosed or in any other way made available, in whole or in part, to persons other than those permitted under the security classification without the prior written approval of the Association.
Copyright Notice
Copyright © 2024 GSM Association
Disclaimer
The GSM Association (“Association”) makes no representation, warranty or undertaking (express or implied) with respect to and does not accept any responsibility for, and hereby disclaims liability for the accuracy or completeness or timeliness of the information contained in this document. The information contained in this document may be subject to change without prior notice.
Antitrust Notice
The information contained herein is in full compliance with the GSM Association’s antitrust compliance policy.
Contents
GSMA CTO Foreword
GSMA Fraud and Security Group Chair
Chair, GSMA Fraud and Security Group & CEO, Copper Horse Ltd
1. Key Points
2. Introduction
3. Attacks on Operators
Analysis
4. Attacks on virtualised infrastructure
Analysis
5. Supply Chains
Analysis
6. Global Title Abuse and Interconnect
Analysis
7. Malware & Ransomware
Analysis
8. Spyware
Analysis
9. Mobile App Security
Analysis
10. New and Repackaged Fraud Types
Analysis
11. The emerging security operating context
A Forward Look
Summary
12. Final thoughts
GSMA CTO Foreword
As 5G usage gathers pace in both consumer and enterprise settings, its benefits will spread across the global economy. We reached more than 1.4 billion 5G connections worldwide at the end of Q3 2023. And, today, over 270 mobile operators in more than 100 markets have launched commercial 5G services. 5G mobile connectivity is expected to add nearly $1 trillion to the global economy by 2030, with almost half of this coming from new enterprise services and apps, across sectors including finance, healthcare, and education.
5G networks deliver as part of a multi-generational evolution of mobile infrastructure. 2G, 3G and 4G networks continue to deliver services across the globe and such connectivity becomes ever more fundamental to our daily lives. As such, the cybersecurity of those networks is a fundamental technology enabler that is increasingly mandated by governments and requires constant scrutiny and investment to keep pace with the changing threat nature described in this, and previous, GSMA mobile telecommunication security landscape reports.
This threat landscape report plays a key role in communicating the ongoing, evolving and escalating nature of the threats facing our industry. Importantly, the report draws on both public sources and reports from within the GSMA security community. Please take the time to read this report and get involved in our team effort to increase the protection of operator deployed technology and infrastructure, customer identity, security and privacy. Existing GSMA members can continue to contribute to our security work and are encouraged to apply GSMA security guidelines and recommendations within their businesses.
Other interested stakeholders are welcome to get involved: they can do so by joining the GSMA, which will ensure access to a breadth of security advice and best practices.
Alex Sinclair - Chief Technology Officer, GSMA
GSMA Fraud and Security Group Chair
The past year has been another eventful one in the mobile security world. Conflicts around the globe have often focused on telecoms technologies and services, either as a direct target or as a route to another target. In addition, criminal attacks can and have been devastating; ransomware is a constant anxiety and the techniques for compromising businesses have become increasingly effective, often focusing on individual employees and social engineering.
To circumvent defensive measures, attackers often seek to compromise other parts of the supply chain and abuse the trust relationships between organisations. This is something that we’ll need to continue to address as an industry, along with other supply chain considerations such as dealing with deployed, common vulnerabilities in software libraries in an effective and swift manner such that the exposure of attack surfaces is minimal.
We continue to see large amounts of fraud globally, using many different techniques. In almost all of these, including where social engineering is involved, there are underlying technical vulnerabilities that have been discovered and then exploited as some part of the attack chain. Our industry needs to ensure that the intelligence about new and emerging frauds is shared and disseminated quickly and most importantly – acted upon, in order to effectively take the fight to the fraudsters, leaving them very little opportunity to exploit systems and subscribers.
Our job in defending against the threats to mobile is what I call the ‘Janus problem’. We are required to both look back at all the legacy systems that we need to protect against old and new attacks, but also to look forward and protect new 5G networks that are being deployed, while thinking about what future network security looks like and what attacks we may face. A key area of focus this year for us was addressing commercial spyware vectors, which often use a combination of old and new technologies. We will continue to identify the techniques, tactics and procedures of these threat actors in order to make the mobile network a hostile environment for them to operate within.
There is an increasing recognition of the importance of mobile telecoms security in protecting critical systems and the consequences of failure for individuals through to businesses. The security actions that we’ve taken as an industry and the recommendations that we have developed are both mirrored in, and inform cybersecurity policy development by governments around the world.
There is a broad commitment by all to meet the challenges faced, but it is also getting more onerous for businesses who may not have the resources to fix all the many issues, particularly with legacy technologies. This can seem an impossible challenge, however these problems will not go away and there is no hiding from attack – they must be addressed. The GSMA Fraud and Security Group (FASG) is a global community of experts in mobile technologies that can help your company, so please join us and get involved.
David Rogers MBE - Chair, GSMA Fraud and Security Group & CEO, Copper Horse Ltd
1.0 Key Points
The main topic areas identified in this year’s report are shown in this diagram.
Figure 1: main topic areas identified in this year’s report
• Supply Chain: Attacks on supply chains continue and can have a force multiplier effect
• Attacks on virtualised infrastructure: Attacks on virtual machines and container solutions
• Global Title Abuse: Global title abuse is part of the ongoing challenge to protect interconnect & signalling networks
• Mobile Operator Attacks: data breaches; ransomware attacks; supply chain attacks; reconnaissance and initial access; direct attacks on service delivery; DDoS attacks; social engineering; compromising ‘the edge’
• Mobile App Security: Device and application security are important in delivering robust device security operation
• New & Re-packaged Fraud: Fraud attacks continue and are often re-inventions and re-packaged versions of previous techniques
• Spyware: Spyware, a particular type of mobile device malware, can compromise end-user privacy
• Ransomware attacks: Malware and ransomware points to an acceleration in patching & other mitigations
Malware and ransomware represent a significant, enduring and ongoing threat to the mobile industry, its customers and wider service provider supply chains. The mobile industry (along with all others) has to significantly accelerate its ability to patch and mitigate vulnerabilities.
The security of virtualised and cloud infrastructure is, and will continue to be, vital. A successful attack on such infrastructure can have widespread effects at significant scale.
Securing artificial intelligence/machine learning (AI/ML) platforms, data and algorithms are key protective measures. Beyond that, there is significant potential for generative AI security applications to spot advanced and complex attack types and to counter fraud techniques through advanced analytics. Malicious actors are also highly likely to use AI/ML to generate advanced attack techniques, pointing to a requirement for defensive teams of generative agents capable of engaging in complex real-time defence. Significant and rapid progress is being made in this field, making it a key area of focus.
The report also describes how attack types, such as flubots and phishing, reported in the previous editions of this report are evolving. At the same time, it explores the wider security operating context, which should be allied to the threat topic areas shown in the diagram above.
Near-term actions and investment decisions should be informed by both the current threats and by the emerging wider context. This approach will help ensure investments are efficient and generate longer-term strategic benefits.
2.0 Introduction
This is the GSMA’s sixth annual Mobile Telecommunications Security Landscape report. Building on a number of previous reports [1], it reflects developments during 2023.
As the security landscape changes rapidly, the ongoing challenge is to ‘tip the balance’ of security in favour of the defenders. Some of the opposing forces - illustrated in the diagram below - are described in this report, although, of course, they do not represent all of the different types of attacks the industry has to deal with, nor all of its defences.
Figure 2: security attacks weighed against security defences
Security attacks: increasing attack sophistication; new attack types; more complexity opening new attack vectors; lower technical barriers; re-invention of old attack techniques; supply chain attacks; human threat; expanded attack surface; increasing volumes
Security defences: secure by design; threat intel sharing; strong existing security controls; security culture; proactive security testing; new guidelines and standards; risk management; new security controls; multi-layered defences; lifecycle security approach
[1] See GSMA | Publications - Security
This mobile security landscape report does not exist in isolation. Other highly-relevant security landscape reports include:
• The European Union Agency for Cybersecurity (ENISA) Threat Landscape [2]
• The Crowdstrike 2023 Global Threat Report [3]
• The ANSSI State of the threat targeting the telecommunications sector [4]
• IBM Security X-Force Threat Intelligence Index 2023 [5]
• The ETIS Security Landscape 2023 [6]
• The Zimperium Global Telecom Threat Report 2023 [7]
[2] ENISA Threat Landscape 2023 — ENISA (europa.eu)
[3] /global-threat-report
[4] https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-010.pdf
[5] /reports/threat-intelligence
[6] /sites/default/files/content-files/ETIS-Papers/telco_sec_landscape_2023_published.pdf
[7] /2023-global-mobile-threat-report
3.0 Attacks on Operators
In order to establish and operate effective security defences, it is necessary to understand the assets that make up the network’s attack surface. This includes all the systems (development and operational), people and processes used to operate, design and maintain the network. Network attack surfaces are expanding. There are increasing numbers of connected devices (for example, connected vehicles and IoT equipment), new 5G standalone cores, network application programming interfaces (APIs), open-radio access network (RAN) architectures and new artificial intelligence-enabled services. The diagram below, which illustrates a high-level view of a typical mobile network, provides context for the following sections of this report.
Figure 3 (diagram not reproduced): high-level view of a typical mobile network. Labelled elements: Operator network; access network(s); core network(s); network services; networking; NTN; Base Band Unit (integrated software & hardware); virtualised CU and virtualised DU (software on COTS hardware); dedicated & virtualised infrastructure; OSS; BSS; AI/ML/XApps; corporate IT systems; staff devices; customer devices (inc IoT); hosted services; Open APIs; Open Gateway APIs; interconnect partners; IPX; roaming hub; RVAS; message aggregation; hosted/outsourced signalling; managed service providers; corporate partners; internet.
The operational attack surface is wide and complex. Attacks can be launched at many different points externally and from within the network. Mobile network operators (MNOs) have been targeted for many years and these attacks continued in 2023. We can group these attacks into eight types:
• Data breaches
• Ransomware attacks
• Supply chain attacks
• Reconnaissance and initial access
• Direct attacks on service delivery
• DDoS attacks
• Social engineering
• Compromising ‘the edge’
A significant number of attacks have primarily targeted customer and staff data that can be further exploited, sold or leveraged. Ransomware attacks can impact access to essential network resources and data, internal servers and communications systems and can result in the unauthorised extraction of data from IT systems. Direct attacks [8], including DDoS attempts, can compromise the availability of services on a temporary or prolonged basis [9]. Operators’ employees have been targeted and manipulated into giving attackers access to sensitive systems. Threat actors also seek to compromise ‘the edge’ of enabling systems (see more on this later). As MNOs have strengthened network security controls and improved end-point detection and response, attackers have pivoted to target devices that support the underlying network infrastructure [10].
Analysis
The attractiveness of both customer and staff data and information makes it an obvious ongoing target for prospective attackers. Other attacks seek to obtain reconnaissance information or an initial network access from which to launch later attacks or gain further access through privilege escalation and lateral movement (in fact the full range of MITRE ATT&CK® adversary tactics [11]).
DDoS attacks [12] aim to overwhelm internet services with more traffic than they can handle, with the goal to disrupt them and make them unavailable to legitimate users. Such attacks have been launched (often with high frequency and large bandwidths [13]) against MNOs [14]. DDoS attacks can be launched via a variety of protocols, including the application layer, network layers, such as IP, transport layers, such as UDP, and via signalling routes. Services are emerging that seek to make launching a DDoS attack easier [15]. Defensive DDoS tools form an important part of network defence and should keep pace with the increasing range and methods of attacks. A common defensive control is to drop packets by routing them to a ‘sinkhole’ (i.e. the traffic routing is changed such that the packets are dropped rather than allowing onward connection to the target network).
Security controls, such as customisation of defensive tools and proactive security testing, can all play an important role in mounting a successful defence.
Attacks via third parties highlight the need to consider the total attack surface for both insourced and outsourced products and services.
[8] E.g. /section/europe-s-east/news/russian-hackers-were-inside-ukraine-telecoms-giant-for-months-cyber-spy-chief/
[9] For example, the French Cybersecurity agency ANSSI observed an “increase in compromises affecting equipment, particularly routers at the core of operators’ networks. These attacks, of a high level of sophistication, are often carried out over a long period of time and are difficult to detect.” See full report at https://www.cert.ssi.gouv.fr/uploads/CERTFR-2023-CTI-010.pdf
[10] Explored more fully in /news-events/directives/binding-operational-directive-23-02
[11] MITRE ATT&CK®
[12] /resources/resource-library/reports/ddos-threat-landscape-report-2023/
[13] DDoS threat report for 2023 Q3 ()
[14] For example Ukraine’s biggest mobile operator suffers massive hacker attack - statement ()
[15] German Police Raid DDoS-Friendly Host ‘FlyHosting’ – Krebs on Security
The extended supply chain continues to be an attractive target (as discussed in a later section) for those intent on inflicting damage.
Attacks that seek to compromise ‘the edge’ can involve targeting devices such as VPNs, firewalls, Citrix environments, ‘jump’ boxes, load balancers, proxies, end-points and out-of-band server management interfaces; especially where their management interfaces are connected directly to publicly accessible internet connectivity. These attack types highlight the ongoing need to build strong security defences, including supporting infrastructure and those provided by third parties and managed service providers, and across the whole attack surface and service inventory.
It is vital to build and maintain an accurate and complete inventory of assets and services in order to defend the full attack surface. Resources, such as the Cybersecurity & Infrastructure Agency (CISA) Known Exploited Vulnerability Catalogue [16], can provide useful intelligence on attack vectors that have actually been exploited, rather than more theoretical attack methods.
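An added example, not part of the GSMA report: one way to cross-reference an asset inventory against entries laid out like CISA's KEV JSON feed, ranking unpatched matches so that devices with internet-exposed management interfaces come first. The inventory schema, asset names, vendors and CVE identifiers are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample using the field names of CISA's KEV JSON feed.
# Vendors, products and CVE identifiers are placeholders, not real entries.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
 {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVPN", "product": "Gateway",
  "dueDate": "2023-02-22", "knownRansomwareCampaignUse": "Known"},
 {"cveID": "CVE-0000-0002", "vendorProject": "ExampleHV", "product": "Hypervisor",
  "dueDate": "2023-03-31", "knownRansomwareCampaignUse": "Unknown"},
 {"cveID": "CVE-0000-0003", "vendorProject": "ExampleLB", "product": "Balancer",
  "dueDate": "2023-05-26", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed inventory; the schema (owner, mgmt_exposed, patched) is hypothetical.
INVENTORY = [
    {"asset": "vpn-edge-01", "vendor": "examplevpn", "product": "gateway",
     "owner": "managed-service-provider", "mgmt_exposed": True, "patched": []},
    {"asset": "esx-core-07", "vendor": "ExampleHV", "product": "Hypervisor",
     "owner": "operator", "mgmt_exposed": False, "patched": []},
    {"asset": "lb-dmz-02", "vendor": "ExampleLB", "product": "Balancer",
     "owner": "operator", "mgmt_exposed": True, "patched": ["CVE-0000-0003"]},
    {"asset": "lb-dmz-03", "vendor": "ExampleLB", "product": "Balancer",
     "owner": "operator", "mgmt_exposed": True, "patched": []},
    {"asset": "jump-03", "vendor": "", "product": "",
     "owner": "operator", "mgmt_exposed": True, "patched": []},
]


def product_key(vendor, product):
    """Normalise vendor/product so inventory spelling differences still match."""
    return (vendor.strip().lower(), product.strip().lower())


def uncheckable(inventory):
    """Assets with no vendor or product recorded cannot be matched at all."""
    return [a["asset"] for a in inventory
            if not a["vendor"].strip() or not a["product"].strip()]


def open_findings(inventory, catalogue, today_iso):
    """Return unpatched KEV matches, most urgent first."""
    today = date.fromisoformat(today_iso)
    by_product = {}
    for vuln in catalogue["vulnerabilities"]:
        key = product_key(vuln["vendorProject"], vuln["product"])
        by_product.setdefault(key, []).append(vuln)

    findings = []
    for asset in inventory:
        for vuln in by_product.get(product_key(asset["vendor"], asset["product"]), []):
            if vuln["cveID"] in asset["patched"]:
                continue
            overdue = (today - date.fromisoformat(vuln["dueDate"])).days
            findings.append({
                "asset": asset["asset"], "owner": asset["owner"], "cve": vuln["cveID"],
                "mgmt_exposed": asset["mgmt_exposed"],
                "ransomware": vuln["knownRansomwareCampaignUse"] == "Known",
                "days_overdue": max(overdue, 0),
            })
    # Internet-exposed management interfaces first, then ransomware use, then age.
    findings.sort(key=lambda f: (not f["mgmt_exposed"], not f["ransomware"],
                                 -f["days_overdue"]))
    return findings


if __name__ == "__main__":
    for f in open_findings(INVENTORY, KEV_SAMPLE, "2023-06-01"):
        print(f)
    print("not checkable:", uncheckable(INVENTORY))
```

Assets returned by uncheckable() are the inventory gaps: they may be affected, but nothing can be matched until vendor and product are recorded.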
More broadly, there are extensive existing security defence guidelines available from the GSMA’s Fraud and Security Group (FASG). The GSMA has recently comprehensively updated its baseline controls document FS.31 [17], which describes a set of effective and proven security controls that have been developed by GSMA members.
More broadly, some interesting new tools can help design the security defence posture. For example, MITRE has released [18] a ‘Navigator’ tool to assist in the design of cyber resilient systems and the ‘Decider’ tool to help analysts map adversary behaviour to the MITRE ATT&CK framework.
[16] /known-exploited-vulnerabilities-catalog
[17] GSMA | FS.31 GSMA Baseline Security Controls - Security
[18] MITRE Releases Tool to Design Cyber-Resilient Systems () & /navigator
4.0 Attacks on virtualised infrastructure
With the rollout of 5G, the industry is migrating to cloud-based network elements and infrastructure. This virtualised infrastructure can be implemented through ‘virtual machines’ and ‘containers’. Containers can provide a process-level separation between workloads that make them quick and cheap to deploy.
As product and function-related software can now run on a range of non-proprietary platforms, operators ensure that whatever combination of hardware and software they use, it stays secure. This includes ensuring that the software is up to date, is running on original and authentic hardware and that it hasn’t been altered by an unauthorised party.
Here are some recent examples of attacks on virtualised infrastructure.
• Mandiant reported [19] an incident in Microsoft Azure whereby the attacker employed malicious use of the Serial Console on Azure Virtual Machines (VM) to install third-party remote management software within client environments.
• SentinelLabs reported [20] a threat activity, labelled ‘WIP26’, targeting telecommunication providers in the Middle East. WIP26 was characterised by the abuse of public cloud infrastructure – Microsoft 365 Mail, Microsoft Azure, Google Firebase, and Dropbox – for malware delivery, data exfiltration and command & control (C2) purposes.
• The Ermetic research team reported three vulnerabilities in the Azure API Management service [21]: two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload. As the vulnerabilities were shared via coordinated disclosure, they have been fully patched. The GSMA encourages disclosure of vulnerabilities to CVD schemes to enable them to be assessed and patched (where required) before the vulnerabilities are more widely disclosed. The GSMA’s CVD scheme [22] provides a mechanism for reporting and addressing industry-wide vulnerabilities that do not affect a single vendor or company.
Analysis
5G is designed to be cloud-native and 6G is likely to further rely on cloud and virtualised network infrastructure. As such, virtualised infrastructure is an important and growing component of mobile networks, as demonstrated by:
• The specification for emerging 5G standalone core networks relying on cloud and virtualised infrastructure
• The O-RAN Alliance specifications [23] include the concept of supporting ‘O-Cloud’ infrastructure.
• Mobile Edge Compute (MEC) solutions, which move core functions closer to the network edge, usually entailing the use of virtualised infrastructure.
[19] /cloud/microsoft-azure-vms-highjacked-in-cloud-cyberattack
[20] /labs/wip26-espionage-threat-actors-abuse-cloud-infrastructure-in-targeted-telco-attacks/
[21] The Azure API Management service is a fully managed platform that enables organizations to create, manage, secure and analyse their APIs across all environments
[22] GSMA | CVD Programme
[23] O-RAN Specifications
Correspondingly, some national telecom security regulations have prioritised increased security controls for virtualised and cloud implementations. The cloud providers are responding to these regulations by releasing public documents [24] that demonstrate how their services meet some of the new government mandates.
For containerised deployments, the underlying kernel and resource scheduling is shared between every container running on the host within the same trust domain. However, a single kernel-level vulnerability might allow an attacker to impact the underlying host and, therefore, all concurrent containers. This force-multiplier means that identified vulnerabilities must be remediated as quickly as possible to minimise the attack window and the attack impact. 2023 saw reports [25] from hosting providers and the French Computer Emergency Response Team (CERT-FR) warn that attackers were continuing to target VMware ESXi servers that were unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.
A virtualised, multi-vendor solution-stack may result in security considerations moving from being the responsibility of the network vendor to being the responsibility of the MNO. For example, in the case of an integrated product from a single vendor, the internal design and integration of the hardware platform, virtualisation and software modules are the sole responsibility of the vendor. With a disaggregated approach, the underlying virtualised platform, virtualisation code and application code may be sourced from different vendors. The responsibility for these components working together in a secure manner will rest with the operator (or its systems integrator/lead vendor).
The security of virtualised and cloud infrastructure is, and will continue to be, vital. A successful attack on such infrastructure can have widespread effects at significant scale. However, there is substantial guidance available to help secure virtualised solutions, including how to manage distributed trust relationships. The GSMA has recently updated its Baseline Controls [26] adding further guidance specifically on network function virtualisation and there is ongoing activity within the GSMA’s Open Infrastructure Group (closely linked to Linu