Connect with us

Hi, what are you looking for?

Tech & Science

New China cyber-threat warning

“To stay ahead of cybercriminals, companies need to address vulnerability exposure risks before hackers attack them.

Image: © PRENSA SENADO/AFP Handout
Image: © PRENSA SENADO/AFP Handout

In the U.S., a ‘Cybersecurity Advisory’ notice has been issued by the Cybersecurity and Infrastructure Security Agency (CISA). This provides a warning to both critical infrastructure and private industry organizations that Chinese-backed threat actors are targeting known common vulnerabilities and exposures (CVEs) of major telecommunications companies to harvest data and steal credentials, using sophisticated cyberattack methods.

Looking into the implications for Digital Journal is Terry Olaes, Director of Sales Engineering at Skybox.

Olaes begins by discussing the specific concern highlighted by the security agency: “Threat actors are targeting known common vulnerabilities and exposures (CVEs) of major telecommunications companies to harvest data and steal credentials.”

The matter has also been picked up by other U.S. agencies, each of which pinpoints the same point of threat origin. As Olaes explains: “The NSA, CISA, and the FBI noted that upon gaining initial access to a telecommunications organization or network service provider, People’s Republic of China (PRC) state-sponsored cyber actors have successfully identified critical users and infrastructure, including systems critical to maintaining the security of authentication, authorization, and accounting.”

As to what organisations should make of the message, Olaes says: “It is the latest urgent reminder that cybercriminals are increasingly targeting known vulnerabilities hiding in plain sight and turning them into backdoors to deploy complex attacks that are increasing at record rates.”

Olaes also sets out the risks: “If organizations only rely on conventional approaches to vulnerability management, they may only move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS). Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.”

In contrast to inaction, there are measure that organisations can take to improve their defences. Says Olaes: “To stay ahead of cybercriminals, companies need to address vulnerability exposure risks before hackers attack them.”

As to what this represents, Olaes conceives: “That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape. Organizations should ensure they have solutions in place capable of quantifying the business impact of cyber risks into economic impact.”

The advantages here, according to Olaes, are: “This will help them identify and prioritize the most critical threats based on the size of financial impact, among other risk analyses such as exposure-based risk scores. It’s essential for organizations to increase the maturity of their vulnerability management programs to ensure they can quickly discover if they are impacted by vulnerabilities and how urgent it is to remediate.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

When it comes to video apps, the Davy recommends manually adjusting the quality settings rather than accepting the default ones.

Tech & Science

In recent years, artificial intelligence has become deeply embedded in marketing workflows.

Entertainment

"Adult Children" is a new coming-of-age dramedy that stars Betsy Brandt, Aya Cash, Ella Rubin, Thomas Sadoski, and Mimi Rogers.

Entertainment

Music historian Don Cusic chatted about his new book "Chet Atkins: Mr. Guitar (Music of the American South)."