US updates telco security guidance after mass Chinese hack

The Cybersecurity and Infrastructure Security Agency (CISA) of the United States, in collaboration with the National Security Agency (NSA), the FBI, and cyber agencies from Australia, Canada, and New Zealand, has released a comprehensive security guide for communications services providers (CSPs) following a series of cyberattacks linked to China on major US telecommunications companies.

These attacks, attributed to an advanced persistent threat (APT) group known as Salt Typhoon, targeted companies like AT&T and Verizon, infiltrating their systems and stealing customer call record data. The group also accessed the private communications of individuals involved in government or political activities and obtained data related to US law enforcement requests.

The joint security guide offers recommendations for CSPs to detect unusual behavior, address vulnerabilities, and respond to cyber incidents effectively. It emphasizes the importance of reducing exposure to threats, enhancing secure configurations, and minimizing potential entry points for attackers.

Jeff Greene, CISA’s executive assistant director for cybersecurity, highlighted the seriousness of cyber threats posed by China and urged organizations to implement the guide’s recommendations to prevent compromises. Bryan Vorndran from the FBI Cyber Division echoed the concerns, urging organizations to adopt the suggested measures and report any suspicious activity.

The guide is also relevant for network engineers working with on-premises enterprise equipment and critical national infrastructure (CNI). It provides steps for scrutinizing configuration changes, implementing network monitoring, securing management traffic, monitoring user logins, and enhancing network segmentation.

Specific recommendations for securing Cisco systems, which were targeted by Salt Typhoon, are included in the guide. These measures aim to strengthen the overall security posture of organizations and prevent future cyber incidents.

In conclusion, the guide serves as a crucial resource for telecommunications and other organizations to enhance their cybersecurity defenses and protect against evolving cyber threats. By following the recommendations outlined in the guide, companies can strengthen their resilience and safeguard critical infrastructure from malicious actors.
