Chinese hacking group Salt Typhoon expansion prompts multinational advisory


Ivanti, Palo Alto Networks, Cisco flaws exploited: Salt Typhoon has been active since at least 2021, targeting critical infrastructure in telecom, transportation, government, and military bodies around the globe. Notably, a “cluster of activity” has been observed in the UK, according to the country’s National Cyber Security Centre.

The group has had “considerable success” with “n-days,” or known vulnerabilities that don’t yet have a patch, as opposed to relying on bespoke malware or on zero-day vulnerabilities (security issues that have yet to be identified by developers), exploiting flaws in network edge devices including security appliances and routers, as well as in virtual private servers. Notably, they have targeted flaws in Ivanti Connect Secure and Ivanti Policy Secure; Palo Alto Networks PAN-OS GlobalProtect; and Cisco IOS and IOS XE.

They then take advantage of the compromised devices and trusted or private connections, such as provider-to-provider or provider-to-customer links, to pivot into other networks. Their activity involves “persistent, long-term access” to networks, according to authorities.

Key targets: Specifically, they seem to target:
- Passwords; user content; customer records; inventories; device configurations and files; and vendor lists.
- Router interfaces.
- In-transit network traffic; resource reservation protocol (RSVP) sessions; and border gateway protocol (BGP) routes.
- Authentication protocols and remote authentication dial-in user service (RADIUS), which authorizes and authenticates remote network users.
- Managed information bases, or databases that manage entities.

“The data stolen through this activity can ultimately provide the Chinese intelligence services the capability to identify and track targets’ communications and movements worldwide,” the UK’s National Cyber Security Centre warned. Therefore, global threat intelligence agencies advise that enterprises perform extensive monitoring of configuration changes, virtualized containers, network services and tunnels, firmware and software integrity, and logs.

Recommendations: Authorities also advise organizations to:
- Regularly review network devices, routers, logs and configurations for “unexpected, unapproved, or unusual activity”;
- Employ a “robust change management process” that includes periodic auditing of device configurations;
- Disable outbound connections from management interfaces;
- Change all default administrative credentials;
- Require public-key authentication for administrative roles;
- Disable password authentication;
- Use the vendor-recommended version of the network device operating system and keep it updated.
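The monitoring advice above (watch for configuration changes) and the hardening recommendations (no default credentials, public-key rather than password authentication, no outbound connections from management interfaces) can be turned into an automated check over a device configuration snapshot. The script below is an added example written for this page; it is not code from the advisory, CSO Online or any vendor. The IOS-style configuration text, the approved baseline, the default-credential list and the regular expressions are constructed assumptions: a real deployment would pull the running config from the device and adapt the patterns to the vendor's syntax.

```python
"""Audit a device configuration snapshot against the advisory's hardening
points and report lines that differ from the change-managed baseline.

All configuration text and patterns below are constructed for illustration."""
import difflib
import re

# Constructed approved baseline: the configuration change management signed off on.
BASELINE = """\
hostname edge-rtr-1
ip ssh pubkey-chain
 username netops
  key-hash ssh-rsa 0123456789ABCDEF0123456789ABCDEF
ip ssh server authenticate user publickey
no ip ssh server authenticate user password
line vty 0 4
 transport input ssh
 transport output none
"""

# Constructed current snapshot: password authentication was re-enabled, a
# default-looking admin account appeared and the vty lines may now open
# outbound telnet sessions (the unapproved changes a reviewer should catch).
CURRENT = """\
hostname edge-rtr-1
username admin privilege 15 password 0 admin
ip ssh pubkey-chain
 username netops
  key-hash ssh-rsa 0123456789ABCDEF0123456789ABCDEF
ip ssh server authenticate user publickey
ip ssh server authenticate user password
line vty 0 4
 transport input ssh
 transport output telnet
"""

# Constructed sample of vendor-default / trivial passwords to flag.
DEFAULT_CREDS = {"admin", "cisco", "password"}


def audit(config: str) -> list[str]:
    """Return one finding per configuration line that contradicts the advisory."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:
        # Local user with a plaintext (type 0) password drawn from the default list.
        m = re.match(r"username (\S+) .*password \d (\S+)$", line)
        if m and m.group(2).lower() in DEFAULT_CREDS:
            findings.append(f"default credential configured for user {m.group(1)}")
        # Password authentication for SSH should be disabled ("no ..." does not match).
        if re.match(r"^ip ssh server authenticate user password$", line):
            findings.append("password authentication enabled for SSH")
        # Management lines should not be allowed to initiate outbound connections.
        if re.match(r"^transport output (?!none)", line):
            findings.append(f"outbound connections allowed from management line: {line}")
    # Public-key authentication must be present somewhere in the configuration.
    if not any(re.match(r"^ip ssh server authenticate user publickey$", l) for l in lines):
        findings.append("public-key authentication not enabled for SSH")
    return findings


def config_diff(baseline: str, current: str) -> list[str]:
    """Return the added (+) and removed (-) lines relative to the approved baseline,
    i.e. the changes a change-management review has not signed off on."""
    diff = difflib.unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0)
    return [l for l in diff
            if l[:1] in "+-" and not l.startswith(("+++", "---"))]


if __name__ == "__main__":
    for finding in audit(CURRENT):
        print("FINDING:", finding)
    for change in config_diff(BASELINE, CURRENT):
        print("UNAPPROVED CHANGE:", change)
```

Run against the constructed snapshot, the audit reports the default credential, the re-enabled password authentication and the outbound transport, while the diff lists exactly the five lines that changed since the baseline; the same baseline should produce no findings and an empty diff. Storing the baseline outside the device (and comparing against it on a schedule) is what makes the "unexpected, unapproved, or unusual" wording actionable.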

The ‘climate change of tech’: Continued attacks of this magnitude from Salt Typhoon and others come down to a lack of incentives for major networking technology providers to create more robust authentication mechanisms and resiliency, said Beauceron’s Shipley. The cost to build a more secure digital economy is a bill that enterprises simply aren’t prepared to pay, “until it’s too late,” he noted.

“The internet and corporate networks still behave like we’re in the 1990s,” he said. “It’s not behaving like the vital digital nervous system to the global economy and society.”

“It’s the climate change of tech, a problem too many still don’t value solving, and something that requires the kind of consensus for action that’s almost impossibly elusive,” said Shipley.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4048548/chinese-hacking-group-salt-typhoon-expansion-prompts-multinational-advisory.html
