A joint Cybersecurity Advisory (CSA) has provided the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors. The assessment comes from the U.S. National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI).
Chinese state-sponsored cyber actors, according to the report, continue to exploit known vulnerabilities to actively target U.S. and allied networks as well as software and hardware companies to steal intellectual property and develop access into sensitive networks.
This joint CSA builds on previous NSA, CISA, and FBI reporting to inform federal and state, local, tribal and territorial (SLTT) government; critical infrastructure, including the Defense Industrial Base Sector; and private sector organizations about notable trends and persistent tactics, techniques, and procedures (TTPs).
Too many firms are not taking action, however. As one review recognises: “As the war in Ukraine rages on, it is accompanied by a resulting spike in global energy prices, soaring inflation, and growing tensions between the West and China, but the gap between awareness and action taken on this rising risk is alarming.”
To gain an expert insight into the Chinese state activities, Digital Journal reached out to Simon Kun, Security Automation Architect at Swimlane.
According to Kun, businesses and public sector organisations need to wake up to the messages from the various agencies. As he notes: “Today’s joint advisory released by the National Security Agency (NSA), Cybersecurity and Infrastructure Agency (CISA), and Federal Bureau of Investigation (FBI) is the latest reminder of the risk posed to U.S. and allied networks by malicious cyber actors seeking to exploit vulnerabilities and steal intellectual property.”
What is happening is part of a growing trend, says Kun: “Unfortunately, both nation-states and criminal groups continue to take advantage of vulnerable critical infrastructure operations by targeting weaknesses. While this guidance is a step in the right direction to help organizations take actionable measures against specific threat actors, it unfortunately also seems to demonstrate a lagging patch cycle and how even large, known vulnerabilities are not being addressed and patched accordingly.”
Turning to the threat actors themselves, Kun’s analysis is: “As People’s Republic of China’s state-sponsored cyber actors continue to threaten these essential assets, companies must reevaluate their cybersecurity posture in order to remain secure.”
As to what this means in practice, Kun recommends: “Implementing multi-faceted cybersecurity systems that automate detection, response and investigation protocols and allow for complete visibility into IT ecosystems with the ability to comprehend and thwart malicious threats in real time, before cybercriminals are able to take over, are essential in the fight.”
Kun also recommends: “By automating and centralizing security processes using low-code automation that is ultimately stored in a system-of-record, IT teams are granted full monitoring capabilities, ultimately ensuring that critical day-to-day processes remain undisturbed.”
