Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners, have issued a stark warning about a sophisticated cyber threat group known as “Volt Typhoon.”
This group, backed by the People’s Republic of China (PRC), has been actively pre-positioning itself within the networks of U.S. critical infrastructure organizations.
The aim is to enable the disruption or destruction of critical services in the event of heightened geopolitical tensions or military conflict involving the United States and its allies.
A Coordinated Advisory
The advisory, released on February 7, 2024, details the Volt Typhoon’s activities and its successful compromises of U.S. organizations, particularly those in the Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors.
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.
:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
The authoring agencies have called on owners and operators of critical infrastructure to review the advisory for defensive actions against this threat, emphasizing the potential impacts on national security.
Guidance for Critical Infrastructure Leaders
CISA and its partners are urging the leaders of critical infrastructure entities to prioritize protecting their infrastructure and functions.
Recognizing cyber risk as a core business risk is essential for good governance and fundamental to national security.
The fact sheet provides actionable guidance for leaders to empower their cybersecurity teams, secure their supply chains, and foster a culture of cybersecurity within their organizations.
The highly sophisticated threat poses a serious risk to organizations’ security and operations.
The concerned agencies need to take necessary measures to safeguard their systems and networks against this threat, as reported by CISA.
Empowering Cybersecurity Teams
Leaders are encouraged to make informed resourcing decisions, leveraging intelligence-informed prioritization tools like the Cybersecurity Performance Goals (CPGs) or a Security Risk Management Assessment (SRMA) guidance.
The focus is on applying detection and hardening best practices, continuous cybersecurity training, and developing comprehensive information security plans.
Effective risk management policies are crucial to minimize the likelihood of damage from a compromise.
This includes establishing robust vendor risk management processes, exercising due diligence in vendor selection, and advocating for vendors to deliver secure and resilient systems.
A recent tweet from the NSA Cyber, CISA, NSA, and FBI cautions about a cyber threat named Volt Typhoon that targets critical infrastructure.
Aligning performance management outcomes with the cyber goals of the organization is critical.
This involves encouraging collaboration across departments, championing cybersecurity risk assessments, and increasing awareness of social engineering tactics.
Incident Response
In the event of an incident, organizations are advised to implement their cyber incident response plan and report incidents or anomalous activity immediately to an authoring agency.
Regular review and update of cyber incident response plans are recommended.
Specific contact information is provided for organizations in the U.S., Australia, Canada, New Zealand, and the United Kingdom for reporting incidents or accessing further assistance.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.