It has been reported that a Chinese cyberespionage group has been attacking organizations worldwide by exploiting vulnerabilities in popular business applications and devices from companies such as Cisco, Citrix and Zoho. In light of the ongoing COVID-19 crisis, the risk to companies is even greater, because IT staff are working remotely and the rush to accommodate work-from-home employees might leave business applications exposed to the internet without adequate protection.

Intruders continue to target infrastructure, not just endpoints and servers. Defenders cannot ignore infrastructure devices like routers, switches, and VPN concentrators, assuming they are trustworthy and safe to use. Instrument those devices using network security monitoring tools and methods to ensure that your trust is well-placed.
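As an added illustration of what "instrumenting" an infrastructure device can mean in practice (this is example code written for this page, not from the article or any vendor): collect the device's syslog and triage two event classes that matter most for routers and VPN concentrators, management logins and configuration changes, flagging any whose source address lies outside the network that is supposed to manage the device. The log lines below are constructed in a generic syslog-like shape, not captured from a real device, and the management subnet is an assumption.

```python
"""Baseline triage of network-device syslog (added example, not from the article).

Assumes generic syslog-style lines (constructed below, not real device output) and
an assumed management subnet from which all administrative access should originate.
"""
import ipaddress
import re

# Assumption: only hosts in this range should ever log in to device management.
MANAGEMENT_NET = ipaddress.ip_network("10.10.0.0/24")

# Constructed sample lines in a generic syslog-like shape; not real device output.
SAMPLE_LOGS = """\
Mar 25 10:01:12 edge-rtr1 SEC_LOGIN: Login Success [user: netops] [Source: 10.10.0.15] [localport: 22]
Mar 25 10:03:44 edge-rtr1 SEC_LOGIN: Login Success [user: admin] [Source: 203.0.113.77] [localport: 22]
Mar 25 10:04:02 edge-rtr1 SYS_CONFIG: Configured from 203.0.113.77 by admin
Mar 25 10:09:30 vpn-gw2 SEC_LOGIN: Login Success [user: netops] [Source: 10.10.0.22] [localport: 443]
Mar 25 10:15:01 vpn-gw2 SYS_CONFIG: Configured from 10.10.0.22 by netops
"""

# Patterns for the two event classes; the message formats are assumed, not vendor-specific.
LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} \d+ [\d:]+) (?P<host>\S+) SEC_LOGIN: Login Success "
    r"\[user: (?P<user>\S+)\] \[Source: (?P<src>[\d.]+)\]"
)
CONFIG_RE = re.compile(
    r"^(?P<ts>\w{3} \d+ [\d:]+) (?P<host>\S+) SYS_CONFIG: Configured from "
    r"(?P<src>[\d.]+) by (?P<user>\S+)"
)


def parse_line(line):
    """Return a dict describing a login or config event, or None for other lines."""
    for kind, rx in (("login", LOGIN_RE), ("config", CONFIG_RE)):
        m = rx.match(line)
        if m:
            event = m.groupdict()
            event["kind"] = kind
            return event
    return None


def triage(log_text, mgmt_net=MANAGEMENT_NET):
    """Return alerts for login/config events whose source lies outside mgmt_net."""
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        src = ipaddress.ip_address(event["src"])
        if src not in mgmt_net:
            alerts.append(
                {"host": event["host"], "user": event["user"],
                 "src": str(src), "kind": event["kind"]}
            )
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_LOGS):
        print(alert)
```

On the constructed sample this flags the login and the subsequent configuration change on edge-rtr1 that came from an address outside the management network, while the netops activity from the management subnet passes silently. The point is the control, not the regex: device logs must actually leave the device and be checked against an expectation of who may administer it, or the trust placed in the device is unverified.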

The activities of APT41 illustrate that the attack methods used by these notorious hacking groups aren’t particularly advanced. They still focus primarily on commonly exploited vulnerabilities. They just do this in an organised way – so rather than calling them advanced, maybe they should just be called organised persistent threats (OPTs). Rather than using zero-day attacks, they go after operating systems and programs known to have easily exploitable flaws. For the security leader, the lesson is that it doesn’t require an advanced defense to defeat these attacks. Basic cyber hygiene will still close most of the holes these criminals are trying to climb through.