The End of the Year is a Good Time to Ensure You’re Prepared for New Threats

Implement Phishing-Resistant Multifactor Authentication

As the year comes to a close, it is essential to review your access technology and ensure that phishing-resistant multifactor authentication is used in your environment. In business settings, it is recommended to use hardware-based multifactor authentication, such as Public Key Infrastructure (PKI) or Fast IDentity Online (FIDO).

Be Cautious of Cisco Hardware and Software Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has identified several attacks that have targeted Cisco hardware and software. To mitigate these risks, it is recommended to disable all services and technologies that are not explicitly being used in your environment. In addition, it is recommended to take the following actions to disable various Cisco services:

Disabling Unnecessary Cisco Services

• Disable Cisco’s Smart Install service.
• Disable guest shell access.
• Disable all non-encrypted web management capabilities.
• Ensure that web servers, if used, are set up with encrypted SSL connections.
• Only enable web management if required.
• Disable telnet and ensure it’s not enabled on any Virtual Teletype (VTY) lines.

A Warning About Threat Groups Supported by the People’s Republic of China

This is not the first, nor will it be the last, warning about threat groups supported by the People’s Republic of China targeting government and businesses. In February 2024, CISA released its advisory on Volt Typhoon and the Advanced Persistent Threat (APT) group’s ability to target and perform pre-compromise reconnaissance.

Conclusion

As the year comes to a close, it is crucial to take proactive steps to ensure your organization is prepared for new threats. By implementing phishing-resistant multifactor authentication and being cautious of Cisco hardware and software exploits, you can significantly reduce the risk of a successful attack. Additionally, being aware of the threat groups supported by the People’s Republic of China can help you take necessary precautions to protect your organization.

FAQs

Q: What is phishing-resistant multifactor authentication?

A: Phishing-resistant multifactor authentication is a security measure that uses a combination of factors such as something you know (like a password), something you have (like a smart card), or something you are (like a fingerprint) to verify your identity.

Q: Why is it important to disable unnecessary Cisco services?

A: Disabling unnecessary Cisco services can help reduce the attack surface of your network, making it more difficult for attackers to exploit vulnerabilities.

Q: What is the Volt Typhoon APT group?

A: The Volt Typhoon APT group is a threat group supported by the People’s Republic of China that has targeted government and businesses, using techniques such as spear phishing and social engineering to compromise networks and steal sensitive information.