Link: https://www.enterprotect.com/resource-center/understanding-and-mitigating-the-threat-of-volt-typhoon

Global Cybersecurity Advisory Breakdown: The Threat of Volt Typhoon

Introduction

In the rapidly evolving landscape of cybersecurity, vigilance and proactive defense are paramount. As a leading cybersecurity company, Enterprotect is dedicated to providing the most up-to-date information and guidance to help businesses safeguard their digital assets. This advisory is based on a joint Cybersecurity Advisory issued by the United States National Security Agency (NSA), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Federal Bureau of Investigation (FBI), the Australian Signals Directorate's Australian Cyber Security Centre (ACSC), the Communications Security Establishment's Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ), and the United Kingdom National Cyber Security Centre (NCSC-UK).

The advisory discusses a recent cybersecurity threat associated with a state-sponsored cyber actor from the People's Republic of China, known as Volt Typhoon. This article provides a summary of the advisory, but we strongly recommend reading the full joint cybersecurity advisory for a comprehensive understanding of the threat and the recommended mitigation strategies.

What is the Threat?

Volt Typhoon is a state-sponsored cyber actor from the People's Republic of China. The actor has been associated with a cluster of activity that poses a significant threat to businesses and organizations worldwide. Its tradecraft is notable for its stealth: it "lives off the land," carrying out its objectives with tools and features already built into the operating system and network rather than dropping custom malware. Because those same tools are what administrators use every day, the activity blends into normal operations and can slip past security products that only alert on unknown third-party binaries.

Some of the built-in tools this actor uses are wmic, ntdsutil, netsh, and PowerShell. The actor also uses open-source "hacktools" such as Fast Reverse Proxy (frp), Impacket, Mimikatz.exe, and remote administration tools. Understanding these tools and how they can be misused is a key part of our threat hunting efforts at Enterprotect.
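The following added example (not code from this page or from the joint advisory) shows what separating administrative use of these built-ins from abusive use can look like once process command lines are being logged: a handful of triage rules run over a constructed batch of Windows Security Event ID 4688 process-creation records. The record fields, the regular expressions and every command line in the sample are this example's own assumptions, not published indicators; one record deliberately carries no command line to show why command-line logging matters.

```python
import re
from collections import Counter

# Triage rules for abusive use of built-in tools: (rule_name, regex).
# The patterns are this example's own assumptions about what misuse of
# these tools looks like on a command line; they are not indicators
# published by the joint advisory or by Enterprotect.
LOTL_RULES = [
    # ntdsutil with "ifm" writes an offline copy of NTDS.dit (domain credentials)
    ("ntdsutil_ifm_dump",
     re.compile(r"\bntdsutil(?:\.exe)?\b.*\bifm\b", re.I)),
    # netsh portproxy turns the host into a built-in TCP relay for pivoting
    ("netsh_portproxy_add",
     re.compile(r"\bnetsh(?:\.exe)?\b.*\bportproxy\b.*\badd\b", re.I)),
    # wmic process call create starts a process, often on a remote /node:
    ("wmic_process_create",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bprocess\b.*\bcall\b.*\bcreate\b", re.I)),
    # PowerShell handed a long base64 blob via -e/-ec/-enc/-EncodedCommand
    ("powershell_encoded",
     re.compile(r"\bpowershell(?:\.exe)?\b.*\s-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    # PowerShell told to hide its window (-w/-win/-WindowStyle Hidden)
    ("powershell_hidden_window",
     re.compile(r"\bpowershell(?:\.exe)?\b.*\s-(?:w|win|windowstyle)\s+hidden\b", re.I)),
]


def triage_process_events(events):
    """Run LOTL_RULES over 4688-style process-creation records.

    events: iterable of dicts with the fields a 4688 record carries once
    command-line logging is on (EventID, RecordId, SubjectUserName,
    NewProcessName, CommandLine). Returns (findings, stats): findings is a
    list of (RecordId, SubjectUserName, rule_name); stats counts what was
    seen, including 4688 records that arrived without a command line.
    """
    findings = []
    stats = Counter()
    for ev in events:
        if ev.get("EventID") != 4688:
            continue                      # not a process-creation event
        stats["4688_seen"] += 1
        cmd = ev.get("CommandLine") or ""
        if not cmd.strip():
            # "Include command line in process creation events" is off (or the
            # field is empty): the image name alone cannot separate a backup
            # operator running ntdsutil from an intruder doing the same.
            stats["4688_without_cmdline"] += 1
            continue
        for rule_name, rx in LOTL_RULES:
            if rx.search(cmd):
                findings.append((ev["RecordId"], ev.get("SubjectUserName"), rule_name))
    return findings, stats


# Constructed sample batch (not real telemetry). It mixes ordinary
# administration with invocations an intruder living off the land might issue.
SAMPLE_EVENTS = [
    {"EventID": 4688, "RecordId": 1, "SubjectUserName": "svc_backup",
     "NewProcessName": r"C:\Windows\System32\ntdsutil.exe",
     "CommandLine": r'ntdsutil.exe "ac i ntds" "ifm" "create full C:\Windows\Temp\pro" q q'},
    {"EventID": 4688, "RecordId": 2, "SubjectUserName": "jdoe",
     "NewProcessName": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface show interface"},
    {"EventID": 4688, "RecordId": 3, "SubjectUserName": "jdoe",
     "NewProcessName": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh interface portproxy add v4tov4 listenport=9999 "
                    "connectaddress=10.1.2.3 connectport=8443"},
    {"EventID": 4688, "RecordId": 4, "SubjectUserName": "helpdesk",
     "NewProcessName": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": "wmic os get caption"},
    {"EventID": 4688, "RecordId": 5, "SubjectUserName": "helpdesk",
     "NewProcessName": r"C:\Windows\System32\wbem\WMIC.exe",
     "CommandLine": 'wmic /node:srv-fs01 process call create "cmd /c whoami"'},
    {"EventID": 4688, "RecordId": 6, "SubjectUserName": "SYSTEM",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": ""},   # host without command-line logging enabled
    {"EventID": 4688, "RecordId": 7, "SubjectUserName": "jdoe",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -NoP -W Hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"EventID": 4624, "RecordId": 8, "SubjectUserName": "jdoe"},  # a logon, ignored here
]

if __name__ == "__main__":
    found, seen = triage_process_events(SAMPLE_EVENTS)
    for record_id, user, rule in found:
        print(f"record {record_id:>3}  user={user:<11} rule={rule}")
    print(dict(seen))
```

The rules key on arguments, not on the executable name, which is the whole point of command-line logging: records 2 and 4 are the same binaries as records 3 and 5 and stay silent, while record 6 shows that without the command line a 4688 entry gives the analyst nothing to decide on. In production these patterns would be tuned against the environment's own administrative baseline.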

Why is it Noteworthy?

The activities of Volt Typhoon are noteworthy for several reasons. Firstly, the use of "living off the land" tactics demonstrates a high level of sophistication and understanding of network systems. By using built-in tools, the actor can blend in with legitimate activities, making detection more challenging. This is why our indicator of compromise (IOC) detection services are so crucial.

Secondly, the state-sponsored nature of this actor suggests a high level of resources and potential backing from a nation-state. This increases the potential scale and impact of their activities.

Finally, the activities of Volt Typhoon have been widespread, affecting numerous organizations across different sectors. This broad scope of activity highlights the potential risk to many businesses and underscores the need for effective cybersecurity measures, such as our layered security approach.

What is the Exposure or Risk?

The exposure or risk associated with Volt Typhoon's activities is significant. If undetected, their activities can lead to unauthorized access to sensitive information, disruption of business operations, financial loss, and potential damage to an organization's reputation. Our breach detection services are designed to identify these threats as early as possible.

The use of "living off the land" tactics can make it difficult for businesses to detect and respond to these threats. Traditional security measures may not be effective against this type of threat, as the actor uses legitimate tools and processes to carry out their activities. This is where our comprehensive cybersecurity platform comes into play, offering a range of solutions to protect your digital assets.

What are the Recommendations?

In light of the threat posed by Volt Typhoon, Enterprotect recommends several measures to enhance cybersecurity defenses:

Network Monitoring: Regular monitoring of network activities can help detect unusual patterns that may indicate a threat. This includes keeping an eye on the use of built-in network administration tools.

Cybersecurity Training: Employees should be trained to recognize potential cybersecurity threats and follow best practices for online safety. This includes being wary of phishing attempts and maintaining strong, unique passwords.

Regular Updates: Keeping all systems, software, and devices updated can help protect against known vulnerabilities that could be exploited by cyber actors. Our vulnerability management services can assist in identifying and addressing these vulnerabilities.

Incident Response Plan: Having a clear plan in place for responding to a cybersecurity incident can help minimize damage and recovery time. This includes identifying key personnel, outlining communication strategies, and establishing procedures for investigating and resolving the incident.

Logging Recommendations: Defenders should set the Windows audit policy to enable "Audit process creation" and turn on "Include command line in process creation events", and then actually review the resulting logs. With both settings on, every process start produces an Event ID 4688 entry in the Windows Security log that records the full command line, which is what makes built-in tools such as wmic, ntdsutil and netsh distinguishable from routine administration. Defenders should also log WMI and PowerShell events. WMI tracing and deep PowerShell logging (script block and module logging) are not enabled by default, but they can be enabled by following the configuration instructions linked from the References section of the joint advisory.

Ensure Log Integrity and Availability: The actor takes measures to hide their tracks, such as clearing logs. To ensure log integrity and availability, defenders should forward log files to a hardened centralized logging server, preferably on a segmented network. Such an architecture makes it harder for an actor to cover their tracks, as evidence of their actions will be captured in multiple locations. Defenders should also monitor logs for Event ID 1102, which is generated when the audit log is cleared. All Event ID 1102 entries should be investigated, as logs are rarely cleared under normal circumstances. Our event log monitoring services can assist in this crucial task.

Review Firewall Configurations: In addition to host-level changes, defenders should review perimeter firewall configurations for unauthorized changes and/or entries that may permit external connections to internal hosts.

Monitor Account Activity: Defenders should also look for abnormal account activity, such as logons outside of normal working hours and impossible time-and-distance logons (e.g., a user logging on from two geographically separated locations at the same time).
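As an added example tying the log-integrity and account-activity recommendations together (not code from this page or from the joint advisory): a small pass over a constructed stream of centrally collected Windows Security events that raises an alert for every Event ID 1102 audit-log clear, for Event ID 4624 logons outside business hours, and for logons whose source locations would require implausible travel speed. The speed check generalizes the page's "two places at the same time" case to any pair of logons too close in time for the distance between them. The event shapes, the IP-to-location table, the business-hours window and the 900 km/h threshold are all this example's assumptions; a production version would take locations from a GeoIP database and the hours from the site's own baseline.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed IP-to-location table standing in for a GeoIP lookup (assumption).
GEO = {
    "203.0.113.10": ("Toronto", 43.65, -79.38),
    "192.0.2.55": ("Toronto", 43.70, -79.42),
    "198.51.100.7": ("Singapore", 1.35, 103.82),
}
BUSINESS_HOURS = (8, 18)         # normal logon window, local time (assumption)
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # roughly airliner speed (assumption)
MIN_TRAVEL_KM = 100.0            # ignore jitter between nearby addresses


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def analyze_events(events, geo=GEO, business_hours=BUSINESS_HOURS,
                   max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Walk events in time order and return a list of alert dicts.

    events: dicts shaped like forwarded Security events: EventID 4624
    (logon) with User, Host, SourceIp, Time; EventID 1102 (audit log
    cleared) with User, Host, Time. Time is local-time ISO 8601 (assumption).
    """
    alerts = []
    last_logon = {}   # user -> (time, city, lat, lon) of the previous logon
    for ev in sorted(events, key=lambda e: e["Time"]):
        t = datetime.fromisoformat(ev["Time"])
        if ev["EventID"] == 1102:
            # Logs are rarely cleared legitimately; every 1102 gets investigated.
            alerts.append({"rule": "audit_log_cleared", "user": ev["User"],
                           "host": ev["Host"], "time": ev["Time"]})
            continue
        if ev["EventID"] != 4624:
            continue
        user = ev["User"]
        if not (business_hours[0] <= t.hour < business_hours[1]):
            alerts.append({"rule": "off_hours_logon", "user": user,
                           "host": ev["Host"], "time": ev["Time"]})
        loc = geo.get(ev["SourceIp"])
        if loc is None:
            continue          # no location for this address; travel check skipped
        city, lat, lon = loc
        if user in last_logon:
            prev_t, prev_city, prev_lat, prev_lon = last_logon[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (t - prev_t).total_seconds() / 3600.0
            # Same instant, or faster than anything that flies: impossible travel.
            if km >= MIN_TRAVEL_KM and (hours <= 0 or km / hours > max_speed_kmh):
                alerts.append({"rule": "impossible_travel", "user": user,
                               "host": ev["Host"], "time": ev["Time"],
                               "detail": f"{prev_city} -> {city}, {km:.0f} km in {hours:.2f} h"})
        last_logon[user] = (t, city, lat, lon)
    return alerts


# Constructed sample stream (not real telemetry), deliberately out of order
# to show that the analysis sorts by time before comparing logons.
SAMPLE_EVENTS = [
    {"EventID": 1102, "Time": "2023-05-24T23:41:00", "User": "helpdesk", "Host": "srv-dc01"},
    {"EventID": 4624, "Time": "2023-05-24T09:05:00", "User": "jdoe", "Host": "ws-042",
     "SourceIp": "203.0.113.10"},
    {"EventID": 4624, "Time": "2023-05-24T09:40:00", "User": "jdoe", "Host": "vpn-gw01",
     "SourceIp": "198.51.100.7"},   # Singapore, 35 minutes after Toronto
    {"EventID": 4624, "Time": "2023-05-24T10:15:00", "User": "helpdesk", "Host": "srv-fs01",
     "SourceIp": "192.0.2.55"},
    {"EventID": 4624, "Time": "2023-05-24T23:30:00", "User": "helpdesk", "Host": "srv-dc01",
     "SourceIp": "192.0.2.55"},     # same place, but 23:30
    {"EventID": 4624, "Time": "2023-05-25T09:00:00", "User": "jdoe", "Host": "ws-042",
     "SourceIp": "203.0.113.10"},   # back in Toronto a day later: plausible flight
]

if __name__ == "__main__":
    for alert in analyze_events(SAMPLE_EVENTS):
        print(alert)
```

Three alerts come out: jdoe's Singapore logon (about 15,000 km in 35 minutes), the helpdesk account's 23:30 logon, and the 1102 on srv-dc01 eleven minutes later. The return trip to Toronto the next morning works out to roughly 640 km/h and is not flagged, which is why the check uses a speed threshold rather than "different city". Note that the 1102 is only visible because the events were forwarded off the host: had the clear succeeded on a machine that kept its only copy locally, there would be nothing left to alert on.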

References

This advisory is based on a joint Cybersecurity Advisory issued by the United States and international cybersecurity authorities. For more detailed information, please refer to the original joint advisory.

At Enterprotect, we are committed to helping businesses navigate the complex landscape of cybersecurity. Our team of experts is always on hand to provide guidance, support, and solutions to help you protect your digital assets. For more information about our services, or to start a free trial, please visit our website.

Disclaimer: This advisory is provided "as is" for informational purposes only. Enterprotect does not provide warranties regarding this information or any actions taken based on the information provided. Always consult with a professional cybersecurity advisor for specific guidance tailored to your situation.

About Enterprotect: Enterprotect is a leading cybersecurity company dedicated to providing comprehensive security solutions for small to medium-sized businesses. Our passion is cybersecurity, and our mission is to simplify it for businesses, allowing them to focus on what they do best. Learn more about our cybersecurity solutions at Enterprotect.

Website Info

Category: Threat Advisory
Found: 06.06.2023