CISA warned of the “imminent risk” posed by Chinese state-sponsored threat actors to critical infrastructure organizations and urged their leaders to take defensive action.
A fact sheet released Tuesday in collaboration with the National Security Agency, the FBI, and other domestic and international government partners asks critical infrastructure leaders to understand the risks posed by Chinese state threat actors, tracked as Volt Typhoon. It outlines how organizations can protect themselves.
The fact sheet follows an earlier security advisory published on February 7, in which CISA said Volt Typhoon had access to certain U.S. critical infrastructure organizations over a five-year period. The advisory followed an announcement in late January that the U.S. government had disrupted a botnet of small office/home office routers used by the threat actors. Although the government has managed to wipe out this botnet, which consisted primarily of end-of-life Cisco and Netgear routers, Volt Typhoon remains a threat.
In the fact sheet, CISA emphasized that Volt Typhoon tends to rely on living-off-the-land techniques, meaning it uses legitimate tools and systems' built-in capabilities to carry out attacks without the use of malware. As a result, the cyber agency advised organizations to apply effective detection and strengthen best practices, such as implementing detailed logging.
“Volt Typhoon does not rely on malware to maintain network access and conduct its operations,” CISA said. “Rather, they use built-in features of the system. This technique, known as 'living off the land,' allows them to easily evade detection. ... organizations require a comprehensive, multifaceted approach.”
Additionally, CISA said critical infrastructure leaders should conduct tabletop exercises and develop information security plans.
“Leaders should ensure that all business units, including executives, are involved in the development of the plan, approve it, and are aware of their roles and responsibilities,” the recommendation reads. “Ensuring a comprehensive, tested plan is in place and approved will help cybersecurity teams make the right risk-based decisions.”
In a section dedicated to securing an organization's supply chain, the fact sheet recommends establishing a strong vendor risk management process to “assess and monitor third-party risk.” CISA stated that these leaders should urge those involved in procurement to use secure-by-design principles to inform decisions about which hardware and software vendors to work with.
CISA also said critical infrastructure leaders should “promote a culture of cybersecurity” by promoting cybersecurity risk assessments and audits, partnering with external security experts, and raising awareness of social engineering tactics. The agency encouraged “collaboration across IT, OT, cloud, cybersecurity, supply chain, and business units to align security measures with business objectives and risk management strategies.”
TechTarget editorial staff has contacted CISA for additional comment.
This fact sheet is the latest in a series of critical infrastructure alerts issued by the U.S. government regarding national threats to critical infrastructure. On March 18, Environmental Protection Agency Administrator Michael Regan and White House National Security Adviser Jake Sullivan released an open letter to state governors regarding cyberattacks on water and wastewater facilities.
“Drinking water and wastewater systems are attractive targets for cyberattacks as they are critical infrastructure sectors of lifelines, but many lack the resources and technical capacity to implement rigorous cybersecurity practices,” the letter says. “As identified by the Sector Risk Management Agency in Presidential Policy Directive 21 on Water and Wastewater Systems, the U.S. Environmental Protection Agency (EPA) is committed to ensuring that the nation's water sector is resilient to all threats and hazards. is the leading federal agency for the
Additionally, “partnerships with state, local, tribal, and territorial governments are essential to EPA's ability to accomplish this mission. In the spirit of that partnership, we are working to address the pervasive and difficult risks of cyber-attacks to drinking water systems. We ask for your support in dealing with this.”
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.