The NSA released this week a comprehensive report with explicit details of the extent of the activity and 'tradecraft' of the APT40 unit of the PRC. This is just confirmation of what we already know – and was addressed by both FBI Director Christopher Wray and NSA Chief General Timothy Haugh in testimony to Congress this summer. But now all of the details of PRC activities and tradecraft are explicitly laid out.
The CSA (cybersecurity advisory) describes how APT40 can rapidly exploit new public vulnerabilities in widely used software. Additionally, the group has evolved its tradecraft and embraced a global trend of using compromised devices, including home office devices, as operational infrastructure. Other PRC state-sponsored actors are using the same techniques, posing a threat to networks worldwide.
Notably, APT40 possesses the capability to rapidly transform and adapt exploit proof-of-concept(s) (POCs) of new vulnerabilities and immediately utilise them against target networks possessing the infrastructure of the associated vulnerability. APT40 regularly conducts reconnaissance against networks of interest, including networks in the authoring agencies’ countries, looking for opportunities to compromise its targets. This regular reconnaissance postures the group to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and to rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities from as early as 2017.
The level of detail and disclosure in itself is new and important. As Gary Miller, Faction Advisor and Founder of the Mobile Intelligence Alliance puts it:
This is a big deal. We monitor APT40 spyware and the NSA posting this overview as an international multi-agency report is a significant milestone.
The Bottom Line: The Internet is NOT Safe
As we have said: The System is Blinking Red
We entered a new era of cybersecurity over a decade ago, where it is not just criminal gangs that want your data. Three things have made this even worse in recent years:
- AI – gives even more power to the attackers, who are always 3 steps ahead.
- IoT – we are connecting all manner of critical devices and infrastructure to the Internet.
- Great Power Conflict – we are now dealing with hostile nation-state actors engaged in ongoing low-level cyberwarfare, while actively working and preparing to wreak havoc across our society and economy on a scale not seen before – should the need arise.
The assumptions upon which cybersecurity architectures have been designed are based on a ‘good enough’ approach that simply does not apply to the world we now live in. We need a fundamentally new approach built on a truly Zero Trust architecture. That’s what Faction is dedicated to: it’s critical, and the time is well past now for this to happen.
The Solution? Get Off the Internet and Into a Virtual Private Circuit
This paragraph caught our eye:
The CSA also details findings from the ASD’s investigations into the successful compromise of two organizations’ networks by the cyber actor group, including the key activities observed. It describes mitigations network defenders can take, including implementing comprehensive and historical logging, promptly patching all Internet-exposed devices, segmenting networks to limit or block lateral movement, closely monitoring services to ensure they are well secured, and disabling unused or unnecessary network services, ports, and protocols.
Faction addresses everything on that list except logging and patching. We can ensure that updates and patches are only applied with your permission and under your active control, however – which is critical. Faction also can and will add robust logging, reporting and alerts inside Faction Networks, with dashboards for our business customers using our Virtual Private Circuits. The difference between us and everyone else is that NOBODY else has access to the data that populates this dashboard. Only the Network Owner – and the users he or she designates – can access it in your private Faction Network.
Patching still matters, but if you are behind a Faction Network you are protected until the patch is applied. And that’s a huge benefit. When a flaw is reported and a patch released, many if not most companies are slow to apply it. That’s exactly how Change Healthcare got hacked; see our post “How Could This Happen?! A Deep Dive into the Change Healthcare Attack” on Faction Networks.
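Two of the mitigations in the advisory paragraph quoted above, closely monitoring services and disabling unused ports and protocols, can be checked against the historical logs it also recommends keeping. The script below is an added example, not code from the advisory or from Faction Networks. The log line format, the IP addresses and the allow-list of approved services are all constructed for illustration; a real deployment would map the parser onto the firewall's actual export format.

```python
"""Two of the CSA's mitigations as checks over edge-firewall connection logs:
'closely monitor services' and 'disable unused network services, ports, and protocols'.
Added example; the log format and every address below are constructed, not real telemetry."""
import re
from collections import defaultdict

# Constructed sample log, one connection attempt per line.  Assumed format:
#   <timestamp> src=<ip> dst=<ip> dport=<port> action=allow|deny
SAMPLE_LOG = """\
2024-07-09T10:00:01Z src=203.0.113.7 dst=198.51.100.10 dport=443 action=allow
2024-07-09T10:00:02Z src=203.0.113.7 dst=198.51.100.10 dport=22 action=allow
2024-07-09T10:00:03Z src=203.0.113.7 dst=198.51.100.10 dport=8080 action=allow
2024-07-09T10:00:04Z src=203.0.113.7 dst=198.51.100.10 dport=445 action=deny
2024-07-09T10:00:05Z src=203.0.113.7 dst=198.51.100.10 dport=3389 action=deny
2024-07-09T10:00:06Z src=203.0.113.7 dst=198.51.100.10 dport=23 action=deny
2024-07-09T10:01:00Z src=192.0.2.55 dst=198.51.100.10 dport=443 action=allow
2024-07-09T10:01:30Z src=192.0.2.55 dst=198.51.100.11 dport=443 action=allow
2024-07-09T10:02:00Z src=203.0.113.9 dst=198.51.100.10 dport=22 action=deny
this line is malformed and must be skipped by the parser
"""

# Assumed allow-list: the only (host, port) pairs meant to be reachable from the Internet.
APPROVED_SERVICES = {("198.51.100.10", 443), ("198.51.100.11", 443)}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>allow|deny)$"
)


def parse_log(text):
    """Parse log text into a list of event dicts; malformed lines are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        ev = m.groupdict()
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def unapproved_exposed_services(events, approved=APPROVED_SERVICES):
    """(dst, dport) pairs that inbound traffic was allowed to reach but that are not on
    the allow-list.  A firewall 'allow' only proves the packet got through; confirming
    that a service is actually listening on that port is a separate step."""
    return {(e["dst"], e["dport"]) for e in events
            if e["action"] == "allow" and (e["dst"], e["dport"]) not in approved}


def probing_sources(events, min_distinct_ports=5):
    """Sources that touched many distinct destination ports, allowed or denied, which is
    the footprint the advisory's 'regular reconnaissance' leaves in historical logs.
    Returns {src: sorted list of ports} for sources at or above the threshold."""
    ports_by_src = defaultdict(set)
    for e in events:
        ports_by_src[e["src"]].add(e["dport"])
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) >= min_distinct_ports}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(f"parsed {len(evs)} events")
    for dst, port in sorted(unapproved_exposed_services(evs)):
        print(f"unapproved exposed service {dst}:{port} -> close it or add it to the allow-list")
    for src, ports in probing_sources(evs).items():
        print(f"probable scan from {src}: {len(ports)} distinct ports {ports}")
```

On the constructed log this reports two services (SSH and port 8080 on 198.51.100.10) that the firewall allowed but nobody approved, and one source that touched six distinct ports in a few seconds. Denied attempts are deliberately kept in the reconnaissance count: the advisory's point about historical logging is that the scan is visible before the exploit is, but only if the denied traffic is recorded and retained.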
At Faction, Zero Trust means ZERO Trust. We start by wiping the slate clean, ensuring that no user or device can see or even route to your Virtual Private Circuit over the Internet. Literally, if you expect to have any ability to prevent attacks, you need to get off the Internet!
But then you may say: “I can’t do that – we all have to connect to the Internet, right?!” Wrong. You need to connect OVER the Internet to specific:
- cloud servers and resources;
- PCs, computers, smartphones;
- and smart, dumb and legacy devices.
With a Virtual Private Circuit, you can do all of that. But you do it over and through an encrypted private network and tunnels that only YOU created, control and can grant access to. That won’t solve everything, but it at least gives the defense the advantage over attackers for the first time. Most critically of all, it gives you, the network owner, the keys to control your own security.