The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners, has issued a stark warning about the advanced cyber threat group known as “Volt Typhoon.”
The group, with support from the People's Republic of China (PRC), has been active within the networks of U.S. critical infrastructure organizations.
Its purpose is to enable the disruption or destruction of critical services in the event of heightened geopolitical tensions or military conflicts involving the United States and its allies.
Adjusted recommendations
The advisory, released on February 7, 2024, details Volt Typhoon's activities and successful compromises of U.S. organizations, particularly those in the communications, energy, transportation systems, and water and wastewater systems sectors.
The authoring agencies called on owners and operators of critical infrastructure to review their recommendations regarding protective measures against this threat, highlighting the potential national security implications.
Guidance for critical infrastructure leaders
CISA and its partners are asking leaders of critical infrastructure organizations to prioritize protecting their infrastructure and capabilities.
Recognizing cyber risk as a core business risk is essential to good governance and fundamental to national security.
This factsheet provides practical guidance for leaders to strengthen their cybersecurity teams, protect their supply chains, and foster a culture of cybersecurity within their organizations.
This highly sophisticated threat poses a significant risk to your organization's security and operations.
According to the CISA report, agencies should take the necessary steps to protect their systems and networks from this threat.
Empower your cybersecurity team
Leaders are encouraged to leverage intelligence-based prioritization tools such as the Cybersecurity Performance Goals (CPGs) and Sector Risk Management Agency (SRMA) guidance to make informed resource decisions.
Emphasis is placed on applying detection and hardening best practices, ongoing cybersecurity training, and developing a comprehensive information security plan.
Effective risk management policies are critical to minimizing the potential for harm from a breach.
This includes establishing a robust vendor risk management process, exercising due diligence in vendor selection, and advocating for vendors to provide secure and resilient systems.
Recent tweets from NSA Cyber, CISA, NSA, and FBI warn of a cyber threat called Volt Typhoon targeting critical infrastructure.
It is important to align performance management results with the organization's cyber objectives.
This includes fostering cross-departmental collaboration, promoting cybersecurity risk assessments, and increasing awareness of social engineering tactics.
Incident response
In the event of an incident, organizations are encouraged to implement their cyber incident response plan and immediately report the incident or unusual activity to an authoring agency.
It is recommended that you regularly review and update your cyber incident response plan.
Specific contact information is provided for organizations in the United States, Australia, Canada, New Zealand, and the United Kingdom to report incidents and receive further assistance.