Chinese cyber spies are once again causing panic in the White House.
WASHINGTON (Reuters) - U.S. authorities have expressed concern over the actions of Chinese hacker group Volt Typhoon, warning owners and operators of critical infrastructure to protect themselves from potentially devastating cyber attacks.
The new warning, issued by CISA, the NSA, the FBI and 8 other international partners, is aimed at providing guidance to senior managers who do not have technical knowledge.
The warning encourages organizations to use intelligence-based prioritization tools, such as CPGs (Cross-Sector Cybersecurity Performance Goals) or recommendations received from the Sector Risk Management Agency (SRMA).
In addition, attention is focused on the need to comply with best cybersecurity practices, including enabling logging for all applications and systems and centralized log storage. This mechanism will help security teams identify living off the land (LotL) tactics that involve the use of legitimate administrative tools and software to disguise and avoid detection by security tools.
In addition, organizations are encouraged to develop an incident response plan and conduct regular training exercises so that each employee knows their role and how to respond to an attack.
It also highlights the importance of ensuring supply chain security and the availability of risk management processes for suppliers, including strict compliance with security standards and managing issues of foreign Ownership, Control ,or Influence (FOCI), taking into account, for example, the Entity List.
This warning is not the first one dedicated to the Volt Typhoon group. In February, the US authorities said that Volt Typhoon has been in some networks of the country's critical infrastructure for at least 5 years. The hackers activities did not meet the traditional goals of cyber intelligence and data collection. With a high degree of confidence, we can say that Volt Typhoon was preparing the ground for possible sabotage.
WASHINGTON (Reuters) - U.S. authorities have expressed concern over the actions of Chinese hacker group Volt Typhoon, warning owners and operators of critical infrastructure to protect themselves from potentially devastating cyber attacks.
The new warning, issued by CISA, the NSA, the FBI and 8 other international partners, is aimed at providing guidance to senior managers who do not have technical knowledge.
The warning encourages organizations to use intelligence-based prioritization tools, such as CPGs (Cross-Sector Cybersecurity Performance Goals) or recommendations received from the Sector Risk Management Agency (SRMA).
In addition, attention is focused on the need to comply with best cybersecurity practices, including enabling logging for all applications and systems and centralized log storage. This mechanism will help security teams identify living off the land (LotL) tactics that involve the use of legitimate administrative tools and software to disguise and avoid detection by security tools.
In addition, organizations are encouraged to develop an incident response plan and conduct regular training exercises so that each employee knows their role and how to respond to an attack.
It also highlights the importance of ensuring supply chain security and the availability of risk management processes for suppliers, including strict compliance with security standards and managing issues of foreign Ownership, Control ,or Influence (FOCI), taking into account, for example, the Entity List.
This warning is not the first one dedicated to the Volt Typhoon group. In February, the US authorities said that Volt Typhoon has been in some networks of the country's critical infrastructure for at least 5 years. The hackers activities did not meet the traditional goals of cyber intelligence and data collection. With a high degree of confidence, we can say that Volt Typhoon was preparing the ground for possible sabotage.
