Defense Industrial Base Resources for Cybersecurity Readiness and Resiliency
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) have released an advisory on People’s Republic of China state-sponsored cyber threats. The People’s Republic of China has been assessed as deploying state-sponsored malicious cyber activity, which is a major threat to U.S. and Allied cyberspace assets.
Increasingly sophisticated Chinese state-sponsored cyber activity has been targeting U.S. political, economic, military, and educational organizations. The following trends have been observed:
- Acquisition of Infrastructure and Capabilities: Chinese state-sponsored cyber actors are highly aware of the information security community’s best practices. Actors mask their activities by leveraging a series of virtual private servers (VPSs) or common commercial penetration tools.
- Exploitation of Public Vulnerabilities: Chinese state-sponsored cyber actors scan target networks for critical and high vulnerabilities within days of a vulnerability’s public disclosure.
- Encrypted Multi-Hop Proxies: Chinese state-sponsored cyber actors have been observed to use a combination of a VPS and small/home office devices to evade detection.
To mitigate these attacks, companies are urged to consider:
- Strong and Timely Patch Management: Organizations should patch critical and high vulnerabilities that allow for remote code execution or denial-of-service, especially on externally facing equipment.
- Enhanced Monitoring of Network Traffic, Email, and Endpoint Systems: Organizations should review network signatures and indicators for focused activities, monitor for new phishing trends, and adjust email rules in a timely manner.
- Protection Capabilities to Stop Malicious Activity: Organizations should implement anti-virus software and other endpoint protection capabilities to detect and prevent malicious files from executing.
Detailed information about these threats and the mitigation steps is outlined in the linked advisory. In addition, DOD’s Industrial Policy Office has developed Project Spectrum, a DOD-sponsored initiative that provides companies, institutions, and organizations with a comprehensive, cost-effective platform of cybersecurity information, resources, tools, and training.