Newly detected malware could have far-reaching impacts

Mysterious code found in networks that control communications and utilities

By Mark HoffmannKENOSHA.COM

A leader in the IT industry for nearly three decades, Hoffmann has helped small and large businesses take advantage of technology to better serve their customers and employees. Hoffmann is owner of CMIT Solutions of SE Wisconsin.

Government officials revealed last week that they are searching for malicious computer code embedded inside networks that control power grids, communications systems, and water supplies across the United States.

The malware was first discovered in May when Microsoft detected unusual code hidden in systems on Guam, the Pacific island that houses strategic American Air Force and Marine bases. After the mysterious code was later discovered in other systems housed near U.S. military bases at home and abroad, cybersecurity experts speculated that the Chinese government had implanted the code and could try to use it to interrupt military operations.

However, any disruption to those operations could have far-reaching consequences, a congressional official told The New York Times. In most locations, civilian, business, and military infrastructure are connected to the same utility systems—so any disturbance to electricity, water, fuel, railway, or Internet connectivity could affect millions.

What Else Is Known About the Malware?

Joint efforts between the Pentagon, the National Security Council, the Homeland Security Department, the FBI, and the CIA to hunt down and remove the code have been ongoing for months. Although they claim no classified systems have been breached, officials admit that the full extent of the code’s presence in networks around the world is unknown. Similarly unknown is the malware’s true intent.

According to cybersecurity experts, this latest intrusion is different because disruption is the goal, not surveillance. Another theory is that the suspicious code may be intended to distract U.S. officials and citizens. If interruptions to critical infrastructure at home happened while China took disputed military action abroad, the American public could be so fixated on domestic problems that they would pay little attention to an overseas conflict.

For now, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued an alert last week about the malware, saying it originated from Volt Typhoon, a state-sponsored Chinese hacking group, and was “living off the land.” That means the malicious code has avoided detection by blending in with day-to-day computer activity conducted by authorized users.

How Does the Malware Work?
Officials believe that the responsible hackers have used complex tactics to steal or mimic the authentication credentials of system administrators, who operate and monitor computer networks. Once those credentials are successfully used, hackers can essentially access any part of a network and surreptitiously implant their own code.

So far, no widespread public disruptions have been identified. But the malware attack only reinforces the belief that any individual, business, or organization can be infiltrated. That makes proactive protection critical for staying safe.

What Can Businesses and Individuals Do to Protect Themselves?
The usual technical advice is doled out in situations like these: monitor remote access protocols, analyze Internet traffic, and respond forcefully in the face of any suspicious activity. But for businesses, that behind-the-scenes work isn’t easy. That’s why it’s so important to partner with a trusted IT provider who specializes in such work and can enhance cybersecurity protection.

Here’s how CMIT Solutions responds to critical issues like this one:

  • Deploy multi-layered network security tools. This starts with basics like antivirus and anti-spam before expanding into more advanced territory with network analysis, audit logs, and reinforced administrative privileges. A reliable IT partner should proactively protect all systems by logging normal system performance so that intrusions can be detected before they wreak havoc on systems. Virtual private networks (VPNs), cloud-based architecture, and 24/7 support can also prevent disruptions and ensure safe, smooth operations.
  • Activate multi-factor authentication (MFA) for all users on all accounts. This security tactic has become a widespread industry standard, requiring all users to enter something they know (like a password) and something they have (like a unique code delivered via text or email) before logging in to any account. If your business has computers or applications not protected by MFA in place, you should have a trusted IT provider activate them immediately. This can minimize the threat of compromised passwords and eliminate the risk of hackers targeting your unprotected accounts.
  • Implement regular, remote, and redundant data backups. Many of us share our personal information widely on the Internet. But businesses should hold their data to a much higher standard, both to meet data privacy requirements and to instill trust in their clients. That’s why data backup is so important. When multiple copies of information are stored in different locations, any cyberattack can be mitigated by wiping affected devices clean and recovering the most recent backup. This also enhances remote and hybrid work while preventing any situation where a business might be tempted to pay ransom to a hacker to retrieve its data.
  • Automatically roll out security patches and software updates. Although the recent malware wasn’t delivered via flaws in popular applications or operating systems, hackers still commonly try to exploit such situations. To prevent vulnerabilities, a reliable technology services provider can help your business roll out the automated installation of patches and updates. These often operate during off hours and in the background, keeping your business safe while boosting office-hour productivity for employees.
  • Speaking of employees, provide them with relevant cybersecurity education and training. If your staff members have never been trained on social engineering or spearphishing scams, now’s the time to give them the knowledge they need. Training sessions can be held in-person and virtually, presenting common scenarios like simulated ransomware attacks and attempted business email compromise. When your employees see these methods in a controlled environment, they can learn how to respond. That reinforces proactive online behavior and sets your people up to serve as the first line of defense for your company.

Because the full extent of the recent malware isn’t known yet, it’s hard to predict the exact impacts it will have. But businesses across North America can use the news as an opportunity to shore up cybersecurity protections and enhance network defenses.

CMIT Solutions specializes in this kind of approach, preventing, detecting, and responding to online threats of all kinds. We’ve helped thousands of companies in the U.S. and Canada achieve operational resilience in the face of increasingly complex attacks.

We go the extra mile to protect the data, devices, and digital identities of our clients. While hackers devise new tricks to avoid standard network security defenses, our 900 plus staff members at offices across North America work day and night to develop new protections and enhance business success.

If you need a trusted partner to help you with cybersecurity, contact CMIT Solutions today.