The end of the year is a good time to make sure you are prepared for new threats.
Review your access technology and ensure that phishing-resistant multifactor authentication is implemented in your environment. In enterprise settings, make sure you are using hardware-based multifactor authentication, such as PKI or FIDO.
Attackers have used and targeted Cisco hardware and software in multiple attacks. Specifically, CISA recommends that you disable all services and technologies that you do not clearly use in your environment. It is also recommended that you take further steps to disable various Cisco services, such as the following:
- Disable Cisco’s Smart Install service.
- Disable guest shell access.
- Disable all non-encrypted web management capabilities.
- Ensure that web servers, if used, are set up with encrypted SSL connections.
- Enable web management only if needed.
- Disable telnet and ensure that it is not allowed on any Virtual Teletype (VTY) lines.
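One way to check a saved running-config against the list above, as an added example (not CISA's or Cisco's tooling). It assumes IOS/IOS XE syntax: `no vstack` for Smart Install, `iox` as the prerequisite for guest shell, `ip http server` / `ip http secure-server` for web management, and `transport input` on VTY lines; the sample config is constructed.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
iox
ip http server
ip http secure-server
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit(config: str) -> list[str]:
    """Return findings for the services the checklist says to disable."""
    lines = [l.rstrip() for l in config.splitlines()]
    top = {l for l in lines if l and not l.startswith(" ")}
    findings = []
    # Assumption: Smart Install counts as off only when "no vstack" is present.
    if "no vstack" not in top:
        findings.append("smart-install: 'no vstack' not configured")
    # Assumption: guest shell depends on IOx, so a top-level "iox" line is flagged.
    if "iox" in top:
        findings.append("guestshell: IOx is enabled")
    if "ip http server" in top:
        findings.append("http: unencrypted web management enabled")
    if "ip http secure-server" in top:
        findings.append("https: web management enabled, confirm it is needed")
    # Walk each "line vty" block and record its transport input setting.
    block, transports = None, {}
    for l in lines:
        if not l.startswith(" "):
            block = l if l.startswith("line vty") else None
            if block:
                transports[block] = None
        elif block and (m := re.match(r"\s+transport input (.+)", l)):
            transports[block] = m.group(1).split()
    for name, protos in transports.items():
        if protos is None:
            # Assumption: the default differs by release, so require it explicitly.
            findings.append(f"{name}: no explicit 'transport input'")
        elif "telnet" in protos or "all" in protos:
            findings.append(f"{name}: telnet permitted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
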
This is not the first, and will not be the last, warning of threat groups supported by the People’s Republic of China targeting the government and businesses. In February 2024, CISA issued its advisory on Volt Typhoon and APT’s ability to identify and conduct pre-compromise assessments.