What Do You Think Of CISA's Latest Alert Warning Of Exploitation Of Network Providers And Devices By Chinese-backed Threat Actors?

Terry Olaes, Technical Director
InfoSec Expert
June 9, 2022 1:38 pm

Threat actors are targeting known common vulnerabilities and exposures (CVEs) of major telecommunications companies to harvest data and steal credentials. The NSA, CISA, and the FBI noted that upon gaining initial access to a telecommunications organization or network service provider, People’s Republic of China (PRC) state-sponsored cyber actors have successfully identified critical users and infrastructure, including systems critical to maintaining the security of authentication, authorization, and accounting. 

It is the latest urgent reminder that cybercriminals are increasingly targeting known vulnerabilities hiding in plain sight and turning them into backdoors to deploy complex attacks that are increasing at record rates. If organizations only rely on conventional approaches to vulnerability management, they may only move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS). Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.
 
To stay ahead of cybercriminals, companies need to address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape. Organizations should ensure they have solutions in place capable of quantifying the business impact of cyber risks into economic impact. This will help them identify and prioritize the most critical threats based on the size of financial impact, among other risk analyses such as exposure-based risk scores. It’s essential for organizations to increase the maturity of their vulnerability management programs to ensure they can quickly discover if they are impacted by vulnerabilities and how urgent it is to remediate.

Last edited 5 months ago by Terry Olaes
Andrew.kahl, CEO
InfoSec Expert
June 9, 2022 1:37 pm

We applaud CISA for their continued focus on helping organizations protect themselves against attacks by both private and state-sponsored malicious actors. This continued demonstration of expertise and dedication is one of the reasons we recommend our customers around the world follow CISA’s advice on subjects like this.

Last month CISA released a joint advisory that recommended prioritizing the patching of software containing known vulnerabilities. These two advisories within a month of each other indicate threat actors are increasingly targeting known vulnerabilities, because they understand many organizations are slow to implement patches. One of the most common vectors for attackers is through known vulnerabilities that otherwise could have been patched. In fact, 87% of organizations have experienced an attempted exploit of an already-known, existing vulnerability. Once an attacker successfully exploits a vulnerability, they can wreak havoc on a company’s network and bring continuity to a halt.

Automation is a critical component of any sound enterprise cybersecurity strategy, enabling organizations to quickly and efficiently deploy updates such as the ones recommended by CISA and ensure a hardened network infrastructure. By automating the implementation of patches and upgrades, network operations teams can make this task achievable across the entire network in minutes, and eliminate the potential for human error. New patches are then implemented as the system receives them, further reducing the attack surface. What’s more, the right tools will provide detailed reporting on the status of patches – network security teams can rest assured that patches were installed correctly and in a timely manner. We recommend organizations leverage their automation tools not only to identify and remediate the issues identified here, but to create an environment that continuously improves the health, performance, and compliance of their network security.

Last edited 5 months ago by andrew.kahl