Five ways to mitigate Volt Typhoon's attacks as they mine for US data

The malicious group has targeted communications, transportation, water, and energy sectors in the US.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

In January, the FBI shut down a botnet of hundreds of home and office routers that Chinese cybercriminals were using to obfuscate their hacking of critical infrastructure in the US. Volt Typhoon has compromised critical infrastructure within the communications, transportation, water, energy, and other sectors, US agencies confirmed in a cybersecurity advisory published last week.

Volt Typhoon exploits known or zero-day vulnerabilities not only in routers but also in firewalls and VPNs. The group then connects to a victim’s network using a VPN to further its schemes, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Whether you’re working remotely or in the office, there are a few key steps you can take to mitigate the reach of Volt Typhoon and other hacking groups mining for US data.

IT Brew caught up with Mike Bimonte, who serves as the CTO for state, local, and education (SLED) government sectors at cybersecurity company Armis, to chat cyber risk patterns and staying safe.

1. Get full visibility of your network

For IT pros specifically, Bimonte recommends they have a bird’s-eye view when it comes to their network and “connected assets.” One strategy may be to segment legacy technologies, which, he wrote via email, can help “improve network performance,” “reduce the risk of cyberattacks,” and “protect their mission-critical assets.”

2. Monitor systems—and prioritize

“It’s imperative to take action before a compromised device becomes a compromised network, as attackers can take control of an access point and move laterally between network segments,” Bimonte told IT Brew in an email.

The former deputy commissioner for IT services in NYC advises people to monitor their systems for “rogue devices,” which he said will help identify suspicious or malicious activity. In the IT workspace, he said organizations should take steps to prioritize “exposures of the greatest significance,” which allows teams to focus on the most prominent vulnerabilities.

3. Turn on MFA

Not only is it vital to turn on multi-factor authentication (MFA) for your accounts, but CISA also advises people to employ MFA methods that are phishing-resistant. Phishing-resistant MFA is “designed to prevent MFA bypass attacks,” Bob Lord, a senior technical advisor at the agency, wrote in April 2023. “Phishing resistant MFA can come in a few forms, like smartcards or FIDO security keys.”

4. Make sure logging is enabled—and apply patches

CISA also advises people to make sure that logging is turned on for “application, access, and security logs” and that these logs are stored in a central location. The agency also suggests applying patches to “internet-facing systems” and patching vulnerabilities in devices commonly exploited by Volt Typhoon, such as those from NETGEAR, Citrix, Cisco, and others.

5. Be mindful of your environment

Implementing better security practices at home—given the landscape of hybrid and remote work—can also help “ensure that physical workplaces are kept safe,” according to Bimonte. “With today’s hybrid work model, organizations’ security is inextricably linked with the security of their employees’ home environment,” he wrote.