Summary
The FBI announced this week that there is likely going to be an increase in cyber-attacks against critical infrastructure by state-backed APTs (Advanced Persistent Threats). This includes utilities, oil pipelines, and other critical industries key to economic functions in the United States.
The campaign behind the recent warning has the underlying goal of undermining key sectors of the US supply chain and ability to function, with a heavy focus on OT equipment and the industries that rely on this equipment for day-to-day operations. The campaign named in this advisory, Volt Typhoon, is known for information gathering, specifically gaining access to IT and OT systems, establishing persistence, and attempting to steal or manipulate data for future attacks. The goal of this campaign is to stage for future attacks in the event of a conflict between the West and China. This has been demonstrated by multiple pieces of discovered evidence that had to have been exfiltrated from sensitive or protected areas of the business, such as SCADA and OT configuration information, which has led to the development of new attacks and unreleased zero-day vulnerabilities.
What does this mean for most businesses?
Although there will be an increase in threat activity, this particular threat will not directly impact the majority of businesses. However, the effects of these attacks will be felt widely by businesses because of the impact they will have on the supply chain and critical infrastructure.
If your business relies heavily on OT equipment, or plays a key role in the supply chain for infrastructure or the DoD, it is much more likely to be directly or indirectly targeted in this campaign. Although this is a scary thought, and it is worrying to see global tensions leading towards something we will all feel, don’t be scared, be prepared. It is important, not only because of this announcement but in general, to take the time to prepare yourself, your business, and your employees for the possibility of a cybersecurity incident. Not only does this specific threat increase the amount of risk for businesses, but other groups are also likely to go after organizations outside of these targets for a similar effect.
Supply Chain Risks
The primary threat associated with this announcement is the impact that it will have on your business’s supply chain. It is recommended that supply chains are reviewed and contingencies are put into place for key suppliers to your business. This may be in the form of a separate vendor or a modification to your processes to prevent reliance on a key part or supply.
How can you be prepared?
1. Have a plan:
• What happens if you are impacted?
• What happens if your supply chain is impacted?
2. What does your attack surface look like?
3. Do your users know what an attack may look like?
• Are you doing Security Awareness Training?
• Know what is and isn’t normal in the business.
The good news?
You can be prepared. Bridgehead offers comprehensive cybersecurity solutions to help you:
- Identify vulnerabilities: We’ll assess your attack surface and pinpoint weaknesses to fortify your defenses.
- Educate your team: Our security awareness training empowers employees to recognize and prevent cyber threats.
- Develop a response plan: Bridgehead will work with you to create a clear strategy for handling cyber incidents, minimizing downtime and damage.
Don’t wait for an attack to happen. Take action today. Contact Bridgehead for a free consultation and learn how we can safeguard your business in this ever-evolving threat landscape.