Behind China's Infiltration on U.S Infrastructure

Hacking groups associated with China, particularly the Chinese People's Liberation Army, have targeted critical infrastructure assets in the U.S., including utilities, communications, and transport. The attacks, part of China's Volt Typhoon cyber campaign ongoing since 2021, aim to infiltrate the computer systems of key U.S. infrastructure units. Sectors affected include manufacturing, education, communications, information technology, utilities, and construction. Although no disruptions have occurred, the attacks raise concerns about potential implications in the event of a U.S.-China conflict. The U.S. government is collaborating with tech companies and the private sector to implement mitigation strategies, such as enhanced monitoring, improved authentication methods, and large-scale password resets. (spiceworks.com)

If this has been going on since 2021, why is it exploding in the news right now?

Where is the cooperation between governments, tech companies, and the private sector?

My thoughts: Government systems remain some of the most compelling targets for bad and foreign actors / governments. We are led to believe that our governments are safeguarding our country, critical assets, and information with the highest level of caution. Still, we see simple leaks and breaches happen.

Mitigating such threats requires a comprehensive approach, involving not only technological defenses but also international collaboration to ensure countries keep investing and remain at the forefront.

With so much reliance on international relationships nowadays, like in the enterprise, you must ensure the 3rd parties you interact with are keeping security top of mind. Governments could benefit from establishing norms and mechanisms for deterring and responding to cyber-attacks.

If the government can't set these standards and act as an example for the corporations and citizens, we are facing a very serious issue.

IMAGINE if Spider-Man was attacked...

Ransomware operator Rhysida claims to have successfully hacked video game developer Insomniac Games, known for its award-winning Spider-Man games and the upcoming Wolverine title. The hacker group has posted proof-of-hack data, including annotated screenshots from the Wolverine game, passport scans of Insomniac employees, internal emails, and confidential documents. Rhysida is running an auction on the data with a starting price of 50 bitcoins (over US$2 million) and has given Insomniac seven days before the full data set is published. Sony, the owner of Insomniac Games, is aware of the incident and is currently investigating.

My Thoughts: Despite all the safeguards in place and the seemingly improved backup strategies being adopted, Ransomware continues to be the most prominent way to get companies to pay a ransom for locked up / encrypted files. The exploitation of vulnerabilities leading to unauthorized access and data theft is a constant threat. To counter such attacks, organizations must have a multi-layered defense strategy. This includes regular security audits, employee training on phishing and social engineering, and the implementation of advanced threat detection solutions.

Why did such a major company get attacked? They have the funds to protect themselves and their employees. What is the reason these major players keep letting the hackers in?

Implementing a comprehensive backup and disaster recovery plan can minimize the impact of potential data breaches, ensuring a swift recovery process.

Discover our disaster recovery plan options and how Assurance IT protects businesses with our approved PPR Methodology.

CEO is out of business – post attack

Ukraine's largest mobile operator, Kyivstar, suffered a massive cyber attack that disrupted services and damaged IT infrastructure, with major services expected to be restored by the end of the week. CEO Oleksandr Komarov stated that full restoration of additional services might take several weeks. The group Solntsepyok, believed to be linked to Russian military intelligence, claimed responsibility and published screenshots indicating access to Kyivstar's servers. Komarov assured that customer data was not compromised, dismissing posted photos as fabricated. The Ukrainian security service (SBU) opened a criminal case, and investigations are ongoing into how the hackers gained access using an employee's compromised account. (ca.sports.yahoo.ca)

Many ask, how a major mobile operator, essential to a country's communication infrastructure, can fall victim to such a significant cyber-attack? Easy, it can happen to anyone!

My thoughts: The use of an employee's compromised account raises questions about the effectiveness of employee training and access controls. It’s important to understand how those account details were captured or compromised.  Was it a rogue employee or were the credentials actually stolen?

Many times, a user account is compromised, it is directly linked to an employee accidentally sharing their details in some form of phishing attack. This is why end user awareness training remains the most effective method to mitigate risk in the enterprise.

To safeguard against future cyber threats, Kyivstar and all enterprises need to prioritize employee training to recognize and thwart phishing attacks. There needs to be strict access controls for privileged account management. It’s not an option.

Discover Assurance IT and see why others chose us to protect their businesses. See exactly how we did it here

The Idaho National Laboratory is in MAJOR trouble. How can you explain?

The Idaho National Laboratory (INL), one of the U.S. Department of Energy's national laboratories, suffered a cybersecurity breach, revealing the theft of personal information from over 45,000 individuals through its cloud-based Oracle HCM HR management platform. The breach, confirmed on November 20, impacted current and former employees, including postdocs, graduate fellows, and interns, along with their dependents and spouses. The compromised data includes sensitive personally identifiable information (PII) such as names, social security numbers, salary details, and banking information. Investigations are ongoing, and the FBI and CISA are conducting a joint inquiry. The hacking group SiegedSec has claimed responsibility for sharing stolen data online, including full names, dates of birth, email addresses, phone numbers, Social Security Numbers, physical addresses, and employment details. (bleepingcomputer.com)

My thoughts: It’s clear they need heightened security in managing cloud-based platforms, especially those handling sensitive information. Why do organizations like research labs get breached? It’s obvious, their security posture is weak, and they aren’t prioritizing what's important. Like all breaches the Incident Response team will ask some pretty basic questions investigating this breach. Frankly we need to ask the obvious questions daily in the enterprise.

Are you using multifactor authentication, continuous monitoring, and regular security audits to thwart attacks?

The incident also highlights the importance of threat intelligence sharing and collaboration with law enforcement agencies for a swift and comprehensive response.

Advanced data encryption and access controls are crucial in safeguarding sensitive PII, preventing unauthorized access even in the event of a breach.

Have you considered implementing modern data protection? Read about it here.

With Assurance IT, you’re protected.