Over the past decade, geopolitical tensions between major powers have escalated. More and more, these tensions are “bleeding over” into the cyber world as a way of weakening an enemy without going to war. Recent advisories from the US government’s Cybersecurity and Infrastructure Security Agency (CISA) have sounded the alarm about a formidable adversary known as Volt Typhoon. This cyber crew, allegedly backed by the People's Republic of China (PRC), is making waves, and not the good kind. With a focus on critical infrastructure, they're not just causing ripples; they're creating tsunamis of chaos.
So, what's the deal with Volt Typhoon? Well, imagine them as the digital pirates of the modern age. They're sailing the cyber seas, plundering and pillaging wherever they go. Their target? Anything and everything related to essential services—healthcare, energy, finance, transport and logistics, you name it. If it's crucial to keeping society ticking, they've got their sights set on it.
Take a recent incident involving the healthcare provider Change Healthcare, which is part of UnitedHealth Group. They weren't just hit with a run-of-the-mill cyberattack; they were rocked to their core by a massive ransomware attack. And the fallout? Well, let's just say it's not just about lost data; it's about disrupting the very services that people rely on for their health and well-being.
Many people don’t yet understand how much chaos an attack like this can create. Many of us will think: "How can a bunch of cyber pirates wreak so much havoc?" Well, it's not as hard as you might think. They are not just out to steal data to commit crimes like identity theft or stealing your credit card details. They are out to sow chaos by causing disruption to our everyday lives. In the case of Change Healthcare, they stopped the processing of payments for healthcare claims. In the case of infrastructure providers, the results could be even more dire. Utilities responsible for electricity and water supply rely on devices called Programmable Logic Controllers (PLCs) to automate and operate their machinery and facilities. If a group like Volt Typhoon got into their network and started interfering with PLCs, we could even end up with our water or power supplies getting cut off.
Their tactics? They're not afraid to get their hands dirty. They'll exploit software vulnerabilities faster than you can say "patch update". And when that doesn't work, they'll try their luck with phishing emails, hoping to reel in unsuspecting victims. Once they've got a foot in the door, it's game on. They'll poke around, looking for anything they can get their hands on, whether it's patient records, financial data, or access to control systems for physical infrastructure like power generation.
This is where things get worse: they're not just targeting big fish. They're going after the little guys too. By hitting third-party vendors and service providers, they can sneak their way into bigger networks without raising too many eyebrows. It's like slipping through the cracks when nobody's looking.
While this sounds scary, there is hope on the horizon. Intelligence agencies from different corners of the globe are teaming up to take down these cyber pirates. NTT’s own Global Threat Intelligence Center is taking part in initiatives with the US government’s Joint Cyber Defense Collaborative (JCDC) to disrupt the activities of Volt Typhoon.
We all need to remember though: it's going to take more than just a group of superheroes to defeat these villains. We all need to do our part. That means tightening up our defenses, educating ourselves and our teams, and being prepared to respond when disaster strikes.
That's where Extended Detection and Response (XDR) comes into play. It's like having your own personal cyber watchdog, sniffing out trouble before it has a chance to strike. By consolidating security alerts into one easy-to-manage platform, Samurai XDR gives you the upper hand in the fight against cyber threats. By bringing all of your security alerting from both your own network and your cloud applications into a single place, Samurai XDR provides you with a single vantage point to detect groups like Volt Typhoon if they try to breach your defenses.
But let's not forget the human element. We can have all the fancy technology in the world, but if we're not clued up on cybersecurity best practices, we're fighting a losing battle. That means we all need to roll up our sleeves, get educated, and stay vigilant.
At the end of the day, defending against groups like Volt Typhoon is going to take a village. We need to build strong defenses, share information, collaborate with our peers, and work together to keep our essential services safe from harm.
One way you can benefit from the intelligence built by the collaboration between leaders in cyber security to strengthen your defenses is by putting Samurai XDR to work, helping to man your defenses and detect attackers before they bring your business to a halt. To experience how Samurai XDR can bolster your cyber defenses, start your Free 30 Day Trial now.