On Dec. 3, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and international partners issued guidance on strengthening systems against intrusions by threat actors targeting telecommunications. The guidance was informed by recent breaches affiliated with the Chinese government.
The recommendations come weeks after the FBI and CISA identified that China-affiliated threat actors had "compromised networks at multiple telecommunications companies." Initially, the breaches were believed to target specific individuals in government or political roles. However, on Dec. 3, the FBI clarified that these individuals may not have been the intended targets but were instead "swept up" in the operation. T-Mobile was allegedly one of the affected companies.
"Threat actors affiliated with the People's Republic of China (PRC) are targeting commercial telecommunications providers to compromise sensitive data and engage in cyber espionage," Assistant Director Bryan Vorndran of the FBI's Cyber Division said in a press release. "Together with our interagency partners, the FBI issued guidance to enhance the visibility of network defenders and to harden devices against PRC exploitation."
Guide includes recommendations for improving visibility and hardening security
The guide focuses on enhanced visibility — defined as "organizations' abilities to monitor, detect, and understand activity within their networks" — and hardening systems and devices.
Strengthening monitoring includes:
- Implementing comprehensive alerting mechanisms to detect unauthorized changes to your networks.
- Using a strong network flow monitoring solution.
- Limiting exposure of management traffic to the Internet, if possible, including restricting management to dedicated administrative workstations.
"Hardening systems and devices" covers many aspects of securing device and network architecture. This advisory section is split into two subsections: protocols and management processes, and network defense. These recommendations include:
- Using an out-of-band management network physically separate from the operational data flow network.
- Employing a strict, default-deny ACL strategy to control inbound and outbound traffic.
- Managing devices from a trusted network rather than from the internet.
- Sending all authentication, authorization, and accounting (AAA) logging to a centralized logging server with modern protections.
- Disabling Internet Protocol (IP) source routing.
- Storing passwords with secure hashing algorithms.
- Requiring multi-factor authentication.
- Limiting session token durations and requiring users to reauthenticate when the session expires.
- Using role-based access control.
FBI and CISA recommend disabling a host of Cisco defaults
The report also provides guidance for using Cisco-specific devices and features. It states that Cisco operating systems are "often being targeted by, and associated with, these PRC cyber threat actors' activity."
For those using Cisco products, the FBI and CISA have a laundry list of recommendations for disabling services and how to safely store passwords. Namely, IT and security professionals in vulnerable organizations should disable Cisco's Smart Install service, Guest Shell access, all non-encrypted web management capabilities, and telnet.
When using passwords on Cisco devices, users should:
- Use Type-8 passwords when possible.
- Avoid using deprecated hashing or password types when storing passwords, such as Type-5 or Type-7.
- Secure the TACACS+ key as a Type-6 encrypted password if possible.
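To make the hardening checklist above (disabling IP source routing, Smart Install, Guest Shell, plaintext web management and telnet, and replacing Type-5/Type-7 passwords and non-Type-6 TACACS+ keys) something a defender can actually verify, here is an added example of a small configuration audit script. It is not from the advisory, the FBI/CISA, or Cisco. The two configuration excerpts are constructed samples, and the regular expressions are assumptions based on common IOS/IOS-XE command syntax; confirm them against the documentation for your platform before relying on the results.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample running-config excerpt (not from any real device). It
# deliberately contains several settings the advisory says to disable or replace.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
ip source-route
vstack
ip http server
no ip http secure-server
enable secret 5 $1$abcd$EXAMPLEHASHVALUE000000000
username admin password 7 0822455D0A16
username ops secret 8 $8$EXAMPLEsalt$EXAMPLEhashvalue0000000000000000000
tacacs server primary
 key 7 0A1B2C3D4E
app-hosting appid guestshell
line vty 0 4
 transport input telnet ssh
"""

# Constructed hardened counterpart: the same device with each finding remediated.
HARDENED_CONFIG = """\
hostname edge-rtr-1
no ip source-route
no vstack
no ip http server
ip http secure-server
password encryption aes
enable secret 8 $8$EXAMPLEsalt$EXAMPLEhashvalue0000000000000000000
username ops secret 8 $8$EXAMPLEsalt$EXAMPLEhashvalue0000000000000000000
tacacs server primary
 key 6 EXAMPLEENCRYPTEDKEYVALUE
line vty 0 4
 transport input ssh
logging host 192.0.2.10
"""

# (finding name, regex matching a config line that shows the weak setting,
#  hardened setting to apply instead). Patterns are assumptions about IOS syntax.
CHECKS: List[Tuple[str, "re.Pattern[str]", str]] = [
    ("smart_install_enabled", re.compile(r"^vstack(\s|$)"), "no vstack"),
    ("ip_source_routing_enabled", re.compile(r"^ip source-route"), "no ip source-route"),
    ("http_plaintext_mgmt_enabled", re.compile(r"^ip http server"), "no ip http server"),
    ("guest_shell_enabled", re.compile(r"^app-hosting appid guestshell"),
     "guestshell destroy / no app-hosting appid guestshell"),
    ("telnet_allowed_on_vty", re.compile(r"^\s*transport input .*\b(telnet|all)\b"),
     "transport input ssh"),
    ("type5_password", re.compile(r"^\s*(enable secret|username \S+ secret)\s+5\s"),
     "re-create the credential as a Type-8 secret"),
    ("type7_password", re.compile(r"^\s*(username \S+ password|enable password)\s+7\s"),
     "re-create the credential as a Type-8 secret"),
    ("tacacs_key_not_type6", re.compile(r"^\s*key\s+(0|7)\s"),
     "store the key as Type-6 (key 6 ...) after enabling 'password encryption aes'"),
]


def audit_config(config_text: str) -> Dict[str, List[str]]:
    """Return {finding_name: [matching config lines]} for every weak setting found."""
    findings: Dict[str, List[str]] = {}
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for name, pattern, _fix in CHECKS:
            if pattern.search(line):
                findings.setdefault(name, []).append(f"line {lineno}: {line.strip()}")
    return findings


def remediation(findings: Dict[str, List[str]]) -> Dict[str, str]:
    """Map each finding present to the hardened setting from CHECKS."""
    fix_for = {name: fix for name, _pattern, fix in CHECKS}
    return {name: fix_for[name] for name in findings}


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        found = audit_config(cfg)
        print(f"{label}: {len(found)} finding(s)")
        for name, lines in found.items():
            print(f"  {name}: {lines} -> {remediation(found)[name]}")
```

Run it against the output of `show running-config` saved to a file to get a per-line list of the advisory's disable/replace items that are still present; an empty result for the hardened sample shows what a clean pass looks like. The `key 7` pattern is intentionally broad and will also flag other reversible-encrypted keys, which is usually what you want when reviewing the whole config.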
The guide goes hand in hand with Secure by Design principles.
"The PRC-affiliated cyber activity poses a serious threat to critical infrastructure, government agencies, and businesses," said CISA Executive Assistant Director for Cybersecurity Jeff Greene. "This guide will help telecommunications and other organizations detect and prevent compromises by the PRC and other cyber actors."
The full list of recommendations can be found in the guide.