FBI, CISA urge Americans to use secure messaging apps in wake of massive cyberattack

Your unencrypted RCS messages between iPhones and Android devices can be spied on by foreign attackers. Here’s how to protect yourself.

Latest stories for ZDNET in Security

Russia-Linked Turla Exploits Pakistani Hackers’ Servers to Target Afghan and Indian Entities

The Russia-linked advanced persistent threat (APT) group known as Turla has been linked to a previously undocumented campaign that involved infiltrating the command-and-control (C2) servers of a Pakistan-based hacking group named Storm-0156 to conduct its own operations since 2022.
The activity, first observed in December 2022, is the latest instance of the nation-state adversary “embedding

The Hacker News

Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT

Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghanistan and Indian targets.

The post Spy v Spy: Russian APT Turla Caught Stealing from Pakistani APT appeared first on SecurityWeek.

SecurityWeek

Are Long-Lived Credentials the New Achilles’ Heel for Cloud Security?

Datadog advises Australian and APAC companies to phase out long-lived cloud credentials.

Security | TechRepublic

She Was a Russian Socialite and Influencer. Cops Say She’s a Crypto Laundering Kingpin

Western authorities say they’ve identified a network that found a new way to clean drug gangs’ dirty cash. WIRED gained exclusive access to the investigation.

Security Latest

UnitedHealthcare CEO Brian Thompson shot and killed in New York

Brian Thompson, the CEO of UnitedHealthcare, was fatally shot in Midtown Manhattan early Wednesday morning while walking toward the New York Hilton Midtown for his company’s annual investor conference. According to emerging media reports, Thompson was fired on from roughly 20 feet away by a masked gunman who appeared to be waiting for Thompson and […]

© 2024 TechCrunch. All rights reserved. For personal use only.

Security News | TechCrunch

CISA, FBI Issue Guidance for Securing Communications Infrastructure

The caution comes after Chinese-state-affiliated breaches of American telecommunication networks. Organizations with Cisco infrastructure should take particular note.

Security | TechRepublic

Ransomware hackers target NHS hospitals with new cyberattacks

Two NHS trusts in England have been hacked in recent weeks, the latest attacks to hit the national health service.


Security News | TechCrunch

Navigating the Changing Landscape of Cybersecurity Regulations

The evolving regulatory environment presents both challenges and opportunities for businesses.

darkreading

Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure


Overview

A coalition of cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Signals Directorate (ASD) and its Australian Cyber Security Centre (ACSC), together with counterparts from Canada and New Zealand, has issued hardening guidance to strengthen communications infrastructure against cyber espionage and other malicious cyber activity.

The guidance focuses on visibility enhancements and hardening practices for network devices. It aims to help network engineers and defenders protect their systems from China-affiliated threat actors, who, according to the agencies' latest reporting, have compromised the networks of major telecommunications providers worldwide as part of an extensive cyber espionage campaign.

These actors have exploited vulnerabilities in telecommunications networks to gain unauthorized access to sensitive data, and their success rests largely on known weaknesses in existing network infrastructure rather than on new techniques. That is what makes closing those gaps urgent.

The agencies, including the ASD and ACSC, stress that while the tactics are not novel, they keep working because well-established weaknesses in communications infrastructure remain unaddressed. The guidance therefore gives network engineers and defenders actionable steps to improve visibility, detect malicious activity, and harden systems against further exploitation.

Hardening Guidance: Enhancing Visibility in Communications Networks  

One key strategy in this guidance is to improve visibility across communication networks. For organizations to effectively monitor, detect, and respond to cyber threats, they must have thorough insight into network traffic, user behavior, and overall data flow. High visibility enables swift identification of anomalies that may indicate a cyber intrusion, allowing defenders to take immediate action.  

Monitoring Network Configurations and Changes  

Network engineers are advised to closely monitor configuration changes in critical network devices, such as routers, switches, and firewalls. Any alterations outside the formal change management process should raise red flags. Additionally, regular audits and monitoring for unusual activities, such as unauthorized changes to routes or protocols, can help detect malicious intrusions early.  

Centralized Configuration Management  

The guidance recommends storing device configurations centrally in a secure location rather than letting each device serve as the sole source of truth for its own configuration, since a compromised device can have its configuration silently altered. Network engineers should also deploy network flow monitoring to gain insight into traffic at the ingress and egress points of the network.
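The following Python script is added here as an illustration of the two practices above; it is not code from the agencies' guidance or from Cyble. It diffs a device's running configuration against the golden copy held in the central repository, flags every line of drift, marks directives an intruder typically touches (local users, routes, SNMP, logging, vty restrictions) as high-risk, and treats drift with no approved change as an alert. Both configurations are constructed Cisco IOS-style samples with placeholder hostname, addresses and secrets, and the high-risk directive list is an assumption to tune for your platform.

```python
import difflib
import re
from dataclasses import dataclass

# Golden configuration held in the central repository. Constructed sample in
# Cisco IOS-style syntax; hostname, addresses and secrets are placeholders.
GOLDEN_CONFIG = """\
hostname edge-rtr-01
aaa new-model
username netops privilege 15 secret 9 $9$REDACTED
ip route 0.0.0.0 0.0.0.0 198.51.100.1
logging host 10.0.0.5 transport tcp port 6514
snmp-server community REDACTED RO 10
line vty 0 4
 transport input ssh
 access-class 10 in
"""

# Running configuration as pulled from the device (constructed sample). It has
# drifted in three places an intruder would care about: a new privileged local
# user, a new static route, and the removed vty access-class restriction.
RUNNING_CONFIG = """\
hostname edge-rtr-01
aaa new-model
username netops privilege 15 secret 9 $9$REDACTED
username svc_backup privilege 15 secret 5 $1$REDACTED
ip route 0.0.0.0 0.0.0.0 198.51.100.1
ip route 10.20.0.0 255.255.0.0 192.0.2.254
logging host 10.0.0.5 transport tcp port 6514
snmp-server community REDACTED RO 10
line vty 0 4
 transport input ssh
"""

# Directives whose drift should page someone immediately (assumed list; extend
# it for your platform).
HIGH_RISK = re.compile(
    r"^\s*(username|enable|aaa|ip route|snmp-server|logging|access-list|"
    r"access-class|transport input|crypto|tacacs|radius)\b"
)


@dataclass(frozen=True)
class Drift:
    change: str      # "+" present on the device but not in golden, "-" the reverse
    line: str
    high_risk: bool


def detect_drift(golden: str, running: str) -> list[Drift]:
    """Return every line that differs between the golden and running configs."""
    diff = difflib.unified_diff(
        golden.splitlines(), running.splitlines(), lineterm="", n=0
    )
    findings = []
    for raw in diff:
        if raw.startswith(("---", "+++", "@@")):   # skip unified-diff headers
            continue
        change, line = raw[0], raw[1:]
        findings.append(Drift(change, line, bool(HIGH_RISK.match(line))))
    return findings


def triage(findings: list[Drift], approved_change: bool) -> list[Drift]:
    """Decide what to alert on.

    With no approved change covering the device, every drifted line is an
    alert, high-risk directives first. During an approved change only the
    high-risk lines are surfaced, for the change reviewer to confirm.
    """
    if approved_change:
        return [f for f in findings if f.high_risk]
    return sorted(findings, key=lambda f: not f.high_risk)


if __name__ == "__main__":
    for f in triage(detect_drift(GOLDEN_CONFIG, RUNNING_CONFIG), approved_change=False):
        print(("HIGH " if f.high_risk else "     ") + f.change + " " + f.line)
```

In practice the golden copy comes from the configuration repository and the running copy from a scheduled pull over the management network; the point of the comparison is that the device is never asked whether its own configuration is correct.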

Monitoring Accounts and Logging  

A proactive approach to monitoring user accounts and logins is also essential for mitigating threats. Monitoring anomalies in user and service account activity—such as abnormal login times, failed login attempts, or logins from unexpected locations—can help identify malicious actors who have gained unauthorized access to the network.  

Organizations should also ensure that logging is robust, secure, and centralized. Logs should be encrypted in transit and stored off-site so that an attacker on the device cannot tamper with them. A Security Information and Event Management (SIEM) system is recommended for analyzing logs and correlating events from many devices so that incidents are detected quickly.
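As an added illustration (not code from the guidance or from Cyble), the Python below runs the account-monitoring checks described in the two paragraphs above over constructed Cisco IOS-style login syslog lines of the kind a SIEM would receive: it flags a burst of failed logins, a successful login from outside an assumed out-of-band management subnet, a login outside working hours, and a success that follows a run of failures, while skipping unrelated syslog messages. The management subnet, the working-hours window and the failure threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy: management sessions are expected only from the out-of-band
# management subnet and during working hours (UTC). Tune for your environment.
MGMT_NETWORKS = [ipaddress.ip_network("10.99.0.0/24")]
BUSINESS_HOURS = range(7, 19)      # 07:00 to 18:59
FAILURE_THRESHOLD = 3

# Constructed Cisco IOS-style syslog lines (not from a real device). The last
# line is a non-login message and must be ignored by the parser.
SAMPLE_LOG = """\
Dec  4 02:11:07 edge-rtr-01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.50] [localport: 22] [Reason: Login Authentication Failed]
Dec  4 02:11:09 edge-rtr-01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.50] [localport: 22] [Reason: Login Authentication Failed]
Dec  4 02:11:12 edge-rtr-01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.50] [localport: 22] [Reason: Login Authentication Failed]
Dec  4 02:11:20 edge-rtr-01 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.50] [localport: 22]
Dec  4 09:30:02 edge-rtr-01 %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.99.0.12] [localport: 22]
Dec  4 09:31:45 edge-rtr-01 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: netops] [Source: 10.99.0.12] [localport: 22] [Reason: Login Authentication Failed]
Dec  4 09:32:00 edge-rtr-01 %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.99.0.12)
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d{1,2}\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+(?P<host>\S+)\s+"
    r"%SEC_LOGIN-\d-(?P<event>LOGIN_FAILED|LOGIN_SUCCESS):.*?"
    r"\[user: (?P<user>[^\]]+)\].*?\[Source: (?P<src>[^\]]+)\]"
)


@dataclass(frozen=True)
class LoginEvent:
    hour: int
    host: str
    success: bool
    user: str
    src: str


def parse(log: str) -> list[LoginEvent]:
    """Extract login events; lines that are not SEC_LOGIN messages are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(LoginEvent(int(m["hour"]), m["host"],
                                 m["event"] == "LOGIN_SUCCESS", m["user"], m["src"]))
    return events


def in_mgmt_network(src: str) -> bool:
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:          # hostname or garbage: treat as untrusted
        return False
    return any(ip in net for net in MGMT_NETWORKS)


def detect_anomalies(events: list[LoginEvent]) -> list[str]:
    """Apply the four rules in event order and return one alert string per hit."""
    alerts = []
    failures = defaultdict(int)           # (source, user) -> consecutive failures
    for e in events:
        key = (e.src, e.user)
        if not e.success:
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:
                alerts.append(f"brute-force: {FAILURE_THRESHOLD} failures for {e.user} from {e.src}")
            continue
        if not in_mgmt_network(e.src):
            alerts.append(f"login from outside management network: {e.user} from {e.src}")
        if e.hour not in BUSINESS_HOURS:
            alerts.append(f"off-hours login: {e.user} from {e.src} at {e.hour:02d}:00")
        if failures[key]:
            alerts.append(f"success after {failures[key]} failures: {e.user} from {e.src}")
            failures[key] = 0
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(parse(SAMPLE_LOG)):
        print(alert)
```

The single failed netops login from the management subnet produces nothing, which is the point of thresholds and allowlists: the rules fire on the combination of off-hours, off-network and post-failure success that characterizes a takeover, not on every typo.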

Hardening Network Systems  

Beyond improving visibility, securing the underlying network systems through hardening is a critical defense strategy. Hardening aims to reduce vulnerabilities by ensuring that network devices and protocols are securely configured to minimize the attack surface. The collaboration between CISA, ACSC, and other agencies has provided valuable hardening guidance that organizations can apply to their communications infrastructure.  

Isolated Management Networks  

One of the most important recommendations in the guide is the use of an out-of-band management network. Allowing network infrastructure devices to be managed only from a physically separate, trusted network limits an attacker's ability to move laterally: compromising one device, or the production data plane it forwards, does not by itself give reachability to the management interfaces of the other devices, so the impact of a breach stays contained.

Segmentation and Access Control  

Segmentation of networks into isolated zones, such as using Virtual Local Area Networks (VLANs) and private VLANs (PVLANs), helps protect critical systems and restricts access to sensitive data. Access Control Lists (ACLs) should be configured with a default-deny policy to control both inbound and outbound traffic, ensuring that only authorized connections are allowed.  

Securing Virtual Private Networks (VPNs)  

The guidance stresses the importance of securing VPN gateways by limiting their exposure to the internet and enforcing strong cryptographic protocols for key exchange and data encryption. VPNs should be configured to only allow strong authentication methods, and unused cryptographic algorithms should be disabled to reduce the risk of exploitation.  

Proactive Authentication and Account Management  

In addition to securing network devices, organizations should focus on improving authentication methods to ensure that only authorized users can access their networks. Implementing phishing-resistant multi-factor authentication (MFA) for all users, especially those with administrative privileges, is one of the primary strategies to prevent unauthorized access.  

The guidance also stresses strong password handling: local passwords should be stored using secure hashing algorithms, and default passwords must be changed immediately on deployment. Organizations should review user accounts regularly, remove inactive or unnecessary accounts, and grant every account only the minimum permissions it needs.
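Serving the segmentation, VPN and password sections above, the following Python audit is an added example and not code from the agencies or from Cyble. It takes a Cisco IOS-style configuration and reports the settings those sections tell you to remove: management ACLs that permit everything or lack an explicit final deny, vty lines without an access-class or with Telnet enabled, IKE and IPsec proposals using DES/3DES, MD5, SHA-1 or small Diffie-Hellman groups, and credentials stored in plaintext or reversible form. The weak and hardened configurations are constructed fragments with placeholder addresses and secrets, and the weak-algorithm and weak-group lists are assumptions to align with your own crypto policy.

```python
import re

# Constructed Cisco IOS-style fragments (not from a real device). The weak
# configuration collects the settings the guidance tells you to remove; the
# hardened one shows the corresponding corrected settings.
WEAK_CONFIG = """\
enable password cisco123
username admin privilege 15 password 7 094F471A1A0A
crypto isakmp policy 10
 encryption 3des
 hash md5
 authentication pre-share
 group 2
crypto ipsec transform-set LEGACY esp-3des esp-md5-hmac
ip access-list extended MGMT-IN
 permit ip any any
line vty 0 4
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
enable secret 9 $9$REDACTED
username admin privilege 15 secret 9 $9$REDACTED
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 16
crypto ipsec transform-set STRONG esp-aes 256 esp-sha256-hmac
ip access-list extended MGMT-IN
 permit tcp 10.99.0.0 0.0.0.255 any eq 22
 deny ip any any log
line vty 0 4
 transport input ssh
 access-class MGMT-IN in
"""

# Weak IKE/IPsec settings: DES/3DES, MD5, SHA-1 ("hash sha") and small MODP
# groups. Assumed thresholds; raise the group cut-off to what your policy mandates.
WEAK_IKE = re.compile(r"^(encryption (des|3des)\b|hash (md5|sha)$|group (1|2|5)$)")
WEAK_ESP = re.compile(r"esp-(des|3des)\b|esp-(md5|sha)-hmac\b")
# "enable password" and "username ... password" are plaintext (type 0) or
# reversible (type 7); only "secret" forms are hashed.
REVERSIBLE_CRED = re.compile(r"^(enable password\b|username \S+ .*\bpassword\b)")


def audit(cfg: str) -> list[str]:
    """Return human-readable findings for a config; an empty list means clean."""
    findings = []
    acls: dict[str, list[str]] = {}
    current_acl = None
    for line in cfg.splitlines():
        s = line.strip()
        m = re.match(r"ip access-list extended (\S+)", s)
        if m:
            current_acl = m.group(1)
            acls[current_acl] = []
            continue
        if current_acl and re.match(r"(permit|deny) ", s):
            acls[current_acl].append(s)
            continue
        current_acl = None                    # any other line ends the ACL block

        if REVERSIBLE_CRED.match(s):
            findings.append(f"plaintext or reversible (type 7) credential: {s}")
        elif re.search(r"\bsecret 5 ", s):
            findings.append(f"MD5-based (type 5) secret, prefer type 8 or 9: {s}")
        if WEAK_IKE.match(s):
            findings.append(f"weak IKE setting: {s}")
        if s.startswith("crypto ipsec transform-set") and WEAK_ESP.search(s):
            findings.append(f"weak IPsec transform: {s}")
        if s.startswith("transport input") and "telnet" in s.split():
            findings.append(f"cleartext management protocol enabled: {s}")

    for name, entries in acls.items():
        if any(e.startswith("permit ip any any") for e in entries):
            findings.append(f"ACL {name} permits all traffic")
        if not entries or not re.match(r"deny ip any any( log)?$", entries[-1]):
            findings.append(f"ACL {name} lacks an explicit final deny")
    if re.search(r"^line vty", cfg, re.M) and not re.search(r"^\s*access-class \S+ in", cfg, re.M):
        findings.append("vty lines are not restricted by an access-class")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit(cfg)
        print(f"{label}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

The explicit `deny ip any any log` at the end of the management ACL is required even though IOS denies by default, because the logged deny is what gives the visibility the earlier sections ask for: a connection attempt to a management port from the wrong subnet becomes a log line rather than a silent drop.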

Conclusion   

A “secure by design” approach on the part of software manufacturers is also crucial: products that ship with secure defaults reduce the hardening that customers must carry out themselves.

As threat actors, particularly China-affiliated groups, continue to target organizations worldwide, collaboration between international agencies such as CISA and the ACSC is essential to protecting global communications infrastructure. Australia’s leadership, through the ASD and ACSC, plays an important role in that effort.

By applying the hardening guidance, improving visibility, and cooperating internationally, organizations can strengthen their security posture, mitigate vulnerabilities, and contribute to the collective effort to protect the communications infrastructure that digital life depends on.

The post Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure appeared first on Cyble.

Blog – Cyble